OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] XPath support in the JSON profile


Hi David,

On 2/11/2012 8:27 PM, David Brossard wrote:

Hi all,

I think I can conclude from what we've just said that:

(1) Base64 is no better - it's bigger and definitely not human-readable
(2) We should allow for XML Content. I tend to agree with Danny that this will be automated anyway. One good
use case for XML content is the ability to send a SAML token to the PDP or an XML medical record as someone
mentioned on the list
(3) Let's use the "html" escaping technique i.e. use > and " and so on. Does that work? Am I missing
something?


It's a problem in that XML uses the same escapes, and so would be ambiguous.
Consider this XML fragment:

    <MyElement Name="Robert &quot;Bob&quot; Smith"/>

As an escaped JSON string it would look like this:

    "<MyElement Name=&quot;Robert &quot;Bob&quot; Smith&quot;/>"

A JSON decoder wouldn't know which escapes to replace and which to leave alone.
If it gets it wrong the XML won't parse.

BTW, using the JSON escape sequences it would look like this, which is
unambiguous:

    "<MyElement Name=\"Robert &quot;Bob&quot; Smith\"/>"

Regards,
Steven



It's not human-readable but if you paste it inside an HTML page, then the browser actually displays the XML
payload.

(4) Let's remove the XPath datatype. I will flag it as not supported.

On Fri, Nov 2, 2012 at 1:21 AM, Bill Parducci <bill@parducci.net <mailto:bill@parducci.net>> wrote:

    I do not think one can reasonably refer to escaped XML wrapped in JSON as even mildly readable. Granted,
    it might be useful for debugging by a well versed engineer, but is that the use case we are trying to
    solve? I suspect in reality even debugging would be handled by some level of decoding before human eyes
    attempt to extract the details. If that is true, then I tend to agree with the base64 proposal.

    b



    On Nov 1, 2012, at 4:37 PM, Steven Legg <steven.legg@viewds.com <mailto:steven.legg@viewds.com>> wrote:

     > > The
     >> issue is that if JSON is meant to be for easier XACML request authoring and human readability, Base
    64 goes
     >> against that.
     >
     > The Base64 encoding is automatically 33% longer than the original XML. I would
     > expect that the JSON character escapes would bloat a typical XML document by less
     > than that, and the result would still be semi-readable. So I lean towards using
     > the JSON character escapes.


    ---------------------------------------------------------------------
    To unsubscribe, e-mail: xacml-unsubscribe@lists.oasis-open.org
    <mailto:xacml-unsubscribe@lists.oasis-open.org>
    For additional commands, e-mail: xacml-help@lists.oasis-open.org <mailto:xacml-help@lists.oasis-open.org>




--
David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]