Hi all, Ray,
Looking back at the REST profile of XACML, you define 2 HTTP headers:
According to the HTTP spec, the Accept request-header field can be used to specify certain media types which are acceptable for the response.
The Content-Type entity-header field indicates the media type of the entity-body sent to the recipient
Does it mean I can send a JSON XACML request and have Accept set to XML in which case the PDP replies with an XML encoded XACML response? And vice-versa? Should we explicitly prevent that? Is there a good use case?
Cheers,
David.