
xacml message


Subject: Re: [xacml] XPath support in the JSON profile

Hi David,

On 30/10/2012 3:00 AM, David Brossard wrote:

> Although the JSON profile does support the XPath features of XACML, I just wanted to point out that it will
> not be trivial and that any scenario involving XPath should probably use the "normal" XML representation of
> a XACML request/response.

> As an example, Erik pointed out that I would struggle to serialize the datatype values of type
> urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression into a string because of the namespace definitions.

There's a further problem in that xpathExpression values also have an XPathCategory
XML attribute. Unlike values of the other data-types, values of the xpathExpression
data-type are not primitive values and would need to be represented as a JSON object.
For example:

    "Attribute": {
        "Id" : "urn:oasis:names:tc:xacml:3.0:content-selector",
        "DataType" : "xpathExpression",
        "value" : {
            "XPathCategory" : "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
            "namespaces" : [{
                "namespace-prefix" : "md",
                "namespace-name" : "urn:example:med:schemas:record"
            }],
            "cdata" : "md:record/md:patient/md:patientDoB"
        }
    }

> Also, in section 5.2.4, I escape XML content making it quite unreadable. That's definitely not user-friendly
> which tends to make me think this profile is not for use cases with XML content.

The escaping you describe in section 4.2.4 is problematic. The character sequence
&quot; can appear in XML attribute values, where replacing it with a literal
double quote character would cause the XML to become invalid. The escape sequence
would need to be something that cannot occur in a valid XML document. In any case,
JSON strings use backslash escapes (see http://www.json.org/) which solves the
problem of double quotes in an XML payload, but has other implications. At the very
least, any \ or " characters in the XML payload would have to be escaped. However,
JSON seems to require us to escape whitespace control characters. That would be
really ugly.

You haven't always comma separated name/value pairs in objects in the examples.
Otherwise, I have no other issues with the JSON draft.


David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
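
The escaping problem discussed in the reply above, as an added example that is not part of the original message or of the JSON profile draft: it shows that replacing `&quot;` with a literal double quote breaks XML well-formedness, while JSON's own backslash escapes round-trip the payload at the cost of escaped whitespace. The `"Content"` key, the helper names and the sample XML are assumptions constructed for illustration.

```python
import json
import xml.dom.minidom
from xml.parsers.expat import ExpatError

# Constructed sample payload: an attribute value that legitimately contains
# &quot;, a backslash, and a newline and tab that JSON must escape in a string.
XML_CONTENT = (
    '<md:record xmlns:md="urn:example:med:schemas:record">\n'
    '\t<md:note text="said &quot;ok&quot; on C:\\ward"/>\n'
    '</md:record>'
)


def is_well_formed(xml_text):
    """Return True if the text parses as well-formed XML."""
    try:
        xml.dom.minidom.parseString(xml_text)
        return True
    except ExpatError:
        return False


def naive_unescape(xml_text):
    """Replace &quot; with a literal double quote (the substitution the reply warns about)."""
    return xml_text.replace("&quot;", '"')


def to_json_content(xml_text):
    """Carry the XML in a JSON string using only JSON's backslash escapes.

    "Content" is a hypothetical key name chosen for this example.
    """
    return json.dumps({"Content": xml_text})


def from_json_content(doc):
    """Recover the XML payload from the JSON document."""
    return json.loads(doc)["Content"]


if __name__ == "__main__":
    print("original well-formed:", is_well_formed(XML_CONTENT))
    print("after &quot; replacement:", is_well_formed(naive_unescape(XML_CONTENT)))
    encoded = to_json_content(XML_CONTENT)
    print(encoded)  # newline, tab, quote and backslash all appear escaped
    print("round trip intact:", from_json_content(encoded) == XML_CONTENT)
```
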
