
Subject: RE: [xacml] Groups - REST Profile of XACML v3.0 Version 1.0, working draft 02 uploaded

Feedback on the REST profile draft:


Section 2.3 Resources

“Each section defines with operations are supported… ”    typo.  with => which



It would be helpful if there were non-normative example URLs for illustration. I realize that since the REST responses are supposed to be self-documenting for discovery, specifying the URL patterns should not be part of the normative text.  Including examples in the normative sections 2.3.* might make it confusing to keep normative separate from non-normative, but perhaps a new examples section that follows the normative 2.3.* text?


For example, what is the REST entry point referred to in 2.3.1?  For a PDP at http://pdp.example.com/v1/, is the REST entry point described in 2.3.1 http://pdp.example.com/, which will list the v1 URL as one of the interfaces provided by that server and only that server?  Or is the REST entry point an entirely separate service entity (http://discover.example.com) which lists available PDP (and other) interfaces on all servers?



Section 2.3.1 REST Entry Point uses HTTP GET to obtain information about what services / interfaces are available.  Isn’t that the job of the HTTP OPTIONS method?



Should section 2.3.1 mention anything about best-practices such as filtering results to only return links to services that the client credentials are authorized to use?  If an organization has multiple PDPs running, and some of them are domain specific and only accessible to certain clients, it could be considered a breach of disclosure if the REST Entry Point returned all the PDP services links, including links to services that the client can’t access.



Section 2.3.3 Policy Administration Point

GET returns a list of available XACML policies.  It would be helpful to mention the use of the “next” and “prev” link relations to manage pagination of large result sets.   http://www.iana.org/assignments/link-relations/link-relations.xml







Danny Thorpe

Product Architect | | Quest Software - Now including the people and products of BiTKOO | www.quest.com
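The two suggestions above (an entry point that only advertises services the caller is authorized to use, and “next”/“prev” link relations for paging a large policy list) as an added example. This code is not from the REST profile draft, the XACML TC or the message author; the service catalog, the link relation URIs, the role names and the URL query parameters are assumptions made for illustration.

```python
"""Added illustration (not from the REST profile draft or the XACML TC):
an entry-point resource that returns only links to the services the
calling client is authorized to use, and a policy listing that pages
large result sets with the IANA "next"/"prev" link relations.

Service names, link relation URIs, role names and query parameters are
assumptions made for this example."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class Service:
    rel: str                      # link relation advertised at the entry point (assumed URI)
    href: str                     # base URL of the service
    allowed_roles: FrozenSet[str]  # roles permitted to use it; empty means public


# Constructed catalog: a general-purpose PDP, an HR-only PDP and a PAP.
CATALOG = [
    Service("http://example.com/rel/pdp", "https://pdp.example.com/v1/", frozenset()),
    Service("http://example.com/rel/pdp", "https://hr-pdp.example.com/v1/", frozenset({"hr"})),
    Service("http://example.com/rel/pap", "https://pap.example.com/v1/", frozenset({"policy-admin"})),
]


def entry_point(client_roles: Iterable[str], catalog: List[Service] = CATALOG) -> Dict:
    """Build the entry-point representation for an authenticated client.

    Links to services the client may not use are omitted, rather than
    returned and rejected on a later request, so the listing itself does
    not disclose that restricted PDPs exist."""
    roles = set(client_roles)
    links = [
        {"rel": s.rel, "href": s.href}
        for s in catalog
        if not s.allowed_roles or roles & s.allowed_roles
    ]
    return {"version": "1.0", "links": links}


def list_policies(policy_ids: List[str], base_url: str, page: int = 1, page_size: int = 10) -> Dict:
    """Return one page of policy links plus "self"/"next"/"prev" relations.

    page is 1-based. "next" is present only while more items remain and
    "prev" only when page > 1, so a client can walk the set without
    knowing its total size."""
    if page < 1 or page_size < 1:
        raise ValueError("page and page_size must be positive")
    start = (page - 1) * page_size
    items = [
        {"rel": "item", "href": f"{base_url}policies/{pid}"}  # "item" is an IANA-registered relation
        for pid in policy_ids[start:start + page_size]
    ]
    links = [{"rel": "self", "href": f"{base_url}policies?page={page}&size={page_size}"}]
    if start + page_size < len(policy_ids):
        links.append({"rel": "next", "href": f"{base_url}policies?page={page + 1}&size={page_size}"})
    if page > 1:
        links.append({"rel": "prev", "href": f"{base_url}policies?page={page - 1}&size={page_size}"})
    return {"items": items, "links": links}


def link_header(links: List[Dict[str, str]]) -> str:
    """Render link relations in HTTP Link header syntax (RFC 5988)."""
    return ", ".join(f'<{link["href"]}>; rel="{link["rel"]}"' for link in links)


if __name__ == "__main__":
    print(entry_point(["hr"]))
    page = list_policies([f"policy-{i}" for i in range(25)], "https://pap.example.com/v1/", page=2)
    print(link_header(page["links"]))
```

The filtering in entry_point is the point of the disclosure concern raised above: the check is made before the link is emitted, not after the client follows it. The pagination relations are returned both in the body and, via link_header, in the HTTP Link header, so either style of client can follow them.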

