xacml message



Subject: Suggestions for a JSON representation of the XACML request - JSON profile


Dear all,

I've had a look at the reference definition of a XACML request defined in 5.42 Element <Request> on line 2726 of the specification PDF.

I want to make a simple JSON representation. To do this I want to assume default values. For instance, ReturnPolicyIdList is a required attribute. In my vision of the JSON representation, I would not force users to use it and assume a default value of true or false. The JSON profile would be responsible for defining default values.

The same would apply to CombinedDecision.

In JSON, I would also not include the RequestDefaults element since its use is mainly for XPath (and therefore XML content which isn't applicable in JSON).

With respect to MultiRequests, I'm undecided. It's a nice feature of the MDP profile but I am not sure it's actually that easy to use. We could do with the repeated attributes element as defined in the Multiple Decision Profile.

So all that is left to specify in JSON is the XACML Attributes element and the XACML Attribute element.

With respect to the Attributes element, does it make sense to have a <Content> element still? Could we assume that as an empty <Content> element?
As for the Category attribute of the Attributes element, I believe we need to define shorthand values for the longer category identifiers. JSON will be particularly appealing if the ids are kept short and human-readable. This means the profile must define these shorthand values.

Finally, the Attribute element: an attribute is a set of values, an identifier, an issuer and a datatype. We could easily represent that as
{
"id" : "my-attr",
"datatype" : "string",
"issuer" : "",
"value" : ["value1","value2"]
}

includeInResult could be omitted and assumed to be false.

Please find below a sample XACML request and its JSON equivalent.

<xacml-ctx:Request ReturnPolicyIdList="true" CombinedDecision="false" xmlns:xacml-ctx="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Alice</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" >
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">hello</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
   <xacml-ctx:Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" >
      <xacml-ctx:Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="true">
         <xacml-ctx:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">say</xacml-ctx:AttributeValue>
      </xacml-ctx:Attribute>
   </xacml-ctx:Attributes>
</xacml-ctx:Request>


{
   {
      "category" : "subject"
      {
         {
            "id" : "subject-id"
            "datatype" : "string"
            "issuer" : ""
            "value" : "alice"
         }     
      }
   }
   {
      "category" : "action"
      {
         {
            "id" : "action-id"
            "datatype" : "string"
            "issuer" : ""
            "value" : "say"
         }     
      }
   }
   {
      "category" : "resource"
      {
         {
            "id" : "resource-id"
            "datatype" : "string"
            "issuer" : ""
            "value" : "hello"
         }     
      }
   }
}
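
The mapping proposed in this message, as an added Python sketch (not part of the original message and not an OASIS profile): it converts a XACML 3.0 request into the short JSON form, writes only non-default flags, and rejects anything the short form cannot represent without ambiguity. The `request` and `attributes` key names, the shorthand table, the `false` defaults and the suffix-based shortening of ids and datatypes are assumptions.

```python
import json
import xml.etree.ElementTree as ET
NS = "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17}"
CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:"
# Assumed shorthand table; the message only says the profile must define one.
CATEGORY_SHORT = {CAT + n: n for n in ("environment", "resource", "action")}
CATEGORY_SHORT["urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"] = "subject"
DEFAULTS = {"ReturnPolicyIdList": False, "CombinedDecision": False}  # assumed defaults

def request_to_json(xml_text):
    root = ET.fromstring(xml_text)
    out = {"request": []}  # "request" and "attributes" are assumed key names
    for name, default in DEFAULTS.items():
        flag = root.get(name, "false") in ("true", "1")
        if flag != default:  # only non-default flags are written out
            out[name] = flag
    for cat in root.findall(NS + "Attributes"):
        uri = cat.get("Category")
        if uri not in CATEGORY_SHORT:  # refuse to guess a category
            raise ValueError(f"no shorthand defined for category {uri!r}")
        attrs = []
        for attr in cat.findall(NS + "Attribute"):
            values = attr.findall(NS + "AttributeValue")
            types = {v.get("DataType") for v in values}
            if len(types) != 1:  # the short form carries one datatype per attribute
                raise ValueError("attribute needs exactly one DataType")
            entry = {"id": attr.get("AttributeId").rsplit(":", 1)[-1],
                     "datatype": types.pop().rsplit("#", 1)[-1],
                     "issuer": attr.get("Issuer", ""),
                     "value": [v.text for v in values]}
            if attr.get("IncludeInResult") in ("true", "1"):
                entry["includeInResult"] = True  # omitted when false
            attrs.append(entry)
        if attrs:  # empty categories (environment in the sample) are dropped
            out["request"].append({"category": CATEGORY_SHORT[uri], "attributes": attrs})
    return out

# Constructed sample, cut down from the request in the message.
SAMPLE = f"""<Request xmlns="{NS[1:-1]}" ReturnPolicyIdList="true" CombinedDecision="false">
 <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
  <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="true">
   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Alice</AttributeValue>
  </Attribute>
 </Attributes>
 <Attributes Category="{CAT}environment"/>
</Request>"""
if __name__ == "__main__":
    print(json.dumps(request_to_json(SAMPLE), indent=2))
```

Raising on an unknown category or on mixed datatypes keeps the short form from silently changing what the PDP evaluates.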

