OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] [xacml-users] REST Profile - PDP Issues

-----Original Message-----
From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Hal Lockhart
Sent: Thursday, May 17, 2012 7:42 AM
To: remon.sinnema@emc.com; xacml@lists.oasis-open.org
Subject: RE: [xacml] [xacml-users] REST Profile - PDP Issues

> > Section 2.2.2 is not very clear about what precisely goes into the 
> > POST request and response exchanged with a PDP, but the example 
> > shows XACML <Request> and <Response> elements being sent.
> Yeah, I struggled with that a bit. Since the actual media type 
> definitions are now outside the REST profile, I find it difficult to 
> be precise. Any suggestions for improvement?
I don't see why you can explicitly call out schema and outermost XML element and specifically say you must send this or can send either this or this.

Hal, did you mean "cannot explicitly..." there?

> Since we're using POST, which is non-idempotent 
> (http://tools.ietf.org/html/rfc2616#section-9.1.2), we must not use 
> HTTP pipelining (http://tools.ietf.org/html/rfc2616#section-

My reading of rfc 2616 - 9.1.2 is that POST is not REQUIRED to be idempotent. As a matter of fact, we know an XACML decision request IS idempotent.

?? The XACML decision request POST may be idempotent on the request side, but not on the response side. Identical XACML requests may return different responses if the policies in force are dependent upon time of request or other contextual data not carried in the request that changes between requests.  Access permitted at 4:59pm, access denied at 5:01pm.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]