Subject: RE: [xacml] Question on the REST Profile, XML, and JSON
Hi David,

HTTP allows Content-Type and Accept to be different, so yes, in theory a client could supply a JSON request and ask for an XML response or vice versa. I don’t have a good use case for that, but I also don’t see a reason to explicitly forbid it. [BTW, note that Accept may contain multiple media types in preference order, while Content-Type is always a single media type.]

If a server is not capable or willing to honor such a request, it can always respond with a 406 status code: http://tools.ietf.org/html/rfc2616#section-10.4.7

The server is also allowed to ignore the Accept header and return the XACML response in the same format as the XACML request (see the Note in the linked to section).

Thanks,
Ray

P.S. My implementation happily supports the weird scenario you presented. Here’s how I did that: http://securesoftwaredev.com/2012/09/17/supporting-multiple-xacml-representations/

From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of David Brossard

Hi all, Ray,

Looking back at the REST profile of XACML, you define 2 HTTP headers:

According to the HTTP spec, the Accept request-header field can be used to specify certain media types which are acceptable for the response. The Content-Type entity-header field indicates the media type of the entity-body sent to the recipient.

Does it mean I can send a JSON XACML request and have Accept set to XML in which case the PDP replies with an XML encoded XACML response? And vice-versa? Should we explicitly prevent that? Is there a good use case?

Cheers,
David.
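The negotiation discussed in this thread, as an added example that is not part of either message and is not the implementation linked in the P.S.: a PDP picks the response format from Content-Type and Accept, then either answers 406 or ignores Accept and mirrors the request format. The media type names `application/xacml+xml` and `application/xacml+json`, the function names, the `strict` switch and the 415 branch for an unreadable request body are assumptions of this sketch; it also simplifies HTTP's rule that more specific media ranges take precedence.

```python
# Added example; media type names and function names are assumptions.
SUPPORTED = ("application/xacml+xml", "application/xacml+json")


def parse_accept(header):
    """Return [(media_range, q)] from an Accept header, most preferred first."""
    ranges = []
    for index, item in enumerate(header.split(",")):
        parts = [p.strip() for p in item.split(";")]
        media, q = parts[0].lower(), 1.0
        if not media:
            continue
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # unparsable weight: treat the range as refused
        ranges.append((media, q, index))
    ranges.sort(key=lambda r: (-r[1], r[2]))  # q descending, header order on ties
    return [(media, q) for media, q, _ in ranges]


def matches(media_range, media_type):
    """True if media_type falls under media_range (exact, type/*, or */*)."""
    if media_range in ("*/*", media_type):
        return True
    return media_range.endswith("/*") and media_type.startswith(media_range[:-1])


def negotiate(content_type, accept=None, strict=True):
    """Return (status, response_media_type) for a decision request."""
    request_type = content_type.split(";")[0].strip().lower()
    if request_type not in SUPPORTED:
        return 415, None  # the PDP cannot read the request body
    if not accept:
        return 200, request_type  # no Accept header: answer in the request format
    ranges = parse_accept(accept)
    refused = {media for media, q in ranges if q <= 0}
    for media_range, q in ranges:
        if q <= 0:
            continue
        # When a wildcard range allows both, prefer the request's own format.
        for candidate in (request_type,) + SUPPORTED:
            if candidate not in refused and matches(media_range, candidate):
                return 200, candidate
    # Nothing acceptable: answer 406, or ignore Accept and mirror the request.
    return (406, None) if strict else (200, request_type)
```
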