I think how the XACML Policy Id value is mapped onto a REST URI corresponding to the policy document should be left up to the service implementer.
When submitting a DELETE operation, clients should use the content URI. Clients should not be responsible for (and should be discouraged from) composing the
policy ID into a URI, since that mapping is determined by the service implementer and may vary from vendor to vendor.
Product Architect |
Quest Software -
Now including the people and products of BiTKOO |
From: email@example.com [mailto:firstname.lastname@example.org]
On Behalf Of Craig R Forster
Sent: Tuesday, May 22, 2012 9:11 AM
Subject: [xacml] XACML REST profile -- <content> vs <id>
In the latest working draft, the example around deleting a policy starts with this returned from GET /authorization/policies:
HTTP/1.0 200 OK
<link rel="self" href="">
<title>Access Control Policies</title>
<updated>Thu, 3 May 2012 21:36:24 GMT</updated>
<title>Medi Corp access control policy</title>
<link rel="alternate" href="">
<content type="application/xacml+xml" src="">
<summary>Medi Corp access control policy</summary>
<!-- More entries -->
Then the instructions "The client looks up the entry with the id that matches the policy’s PolicyId" followed by a DELETE request to /authorization/policies/1.
This doesn't appear to line up with the example. When constructing the URL, should implementers build a URL based on the <id> of the entrry, or should they follow the <content> link of the entry? In this example, it appears the DELETE request was based on the
<content> link not by building a URI based on the <id>.
craig forster | technical lead, tivoli security policy manager