Re: [xacml] XPath support in the JSON profile

[Bill Parducci <bill@parducci.net>]

Sounds reasonable to me.

b

On Nov 15, 2012, at 7:44 AM, David Brossard <david.brossard@axiomatics.com> wrote:

> The profile could offer both approaches. Base64 sounds easy and safe.
> 
> The XML (JSON-escaped) could be another, more readable option.
> 
> Thoughts?
> 
> On Thu, Nov 15, 2012 at 4:30 PM, Bill Parducci <bill@parducci.net> wrote:
> OK, sorry for the misunderstanding.
> 
> With respect to escaping XML specifically, my preference remains with base64 encoding. It is well a understood, ubiquitous mechanism that doesn't lend itself to the kind of human interpretive issues we have already seen on this thread. I believe any solution will require mechanized transformation to enable human debugging and do not believe the size argument is relevant for reasons stated earlier.
> 
> Thanks
> 
> b
> 
> 
> On Nov 15, 2012, at 7:11 AM, David Brossard <david.brossard@axiomatics.com> wrote:
> 
> > No, these were 2 separate threads. Not related. Sorry about the confusion.
> >
> > I suggest this as the one and only way of escaping XML inside JSON:
> >
> > \ should be escaped using \: \\
> > " should be escaped using \: \"
> >
> >       • Before: <xmlContent value="the \ is a neat thing">foo "content" with \"" as example</xmlContent>
> >       • After: <xmlContent value=\"the \\ is a neat thing\">foo \"content\" with \\\"\" as example</xmlContent>
> >
> >
> > What do you think?
> >
> > On Thu, Nov 15, 2012 at 4:06 PM, Bill Parducci <bill@parducci.net> wrote:
> > Sorry, I am not following.  This appears to be a transformation (html entities) from what would be in the raw payload. If so, I am not sure what is being accomplished. If the suggestion is to apply a second transformation on top of XML escaping then I suggest that the additional complexity is probably not justified.
> >
> > b
> >
> >
> > On Nov 15, 2012, at 6:49 AM, David Brossard <david.brossard@axiomatics.com> wrote:
> >
> >> Bill,
> >>
> >> I meant escaped XML/HTML using the HTML way of escaping things.
> >>
> >> Try:
> >>
> >> <html>
> >> <body>
> >> foo &lt;elem&gt;some stuff&lt;/elem&gt;
> >> </body>
> >> </html>
> >>
> >> save it to foo.html and open it.
> >>
> >> On Thu, Nov 15, 2012 at 3:47 PM, Bill Parducci <bill@parducci.net> wrote:
> >> Opening the latter in Chrome yields:
> >>
> >> foo \"content\" with \\\"\" as example
> >>
> >> I think perhaps you misspoke re: being able to read this in a browser...at least inasmuch as it being a viable mechanism for debugging ;)
> >>
> >> b
> >>
> >> On Nov 15, 2012, at 6:13 AM, David Brossard <david.brossard@axiomatics.com> wrote:
> >>
> >> > I just realized that I am not being very consistent here.
> >> >
> >> > \ should be escaped using \: \\
> >> > " should be escaped using \: \"
> >> >
> >> >       • Before: <xmlContent value="the \ is a neat thing">foo "content" with \"" as example</xmlContent>
> >> >       • After: <xmlContent value=\"the \\ is a neat thing\">foo \"content\" with \\\"\" as example</xmlContent>
> >> > What do you think?
> >>
> >>
> >>
> >>
> >> --
> >> David Brossard, M.Eng, SCEA, CSTP
> >> Product Manager
> >> +46(0)760 25 85 75
> >> Axiomatics AB
> >> Skeppsbron 40
> >> S-111 30 Stockholm, Sweden
> >> http://www.linkedin.com/companies/536082
> >> http://www.axiomatics.com
> >> http://twitter.com/axiomatics
> >
> >
> >
> > --
> > David Brossard, M.Eng, SCEA, CSTP
> > Product Manager
> > +46(0)760 25 85 75
> > Axiomatics AB
> > Skeppsbron 40
> > S-111 30 Stockholm, Sweden
> > http://www.linkedin.com/companies/536082
> > http://www.axiomatics.com
> > http://twitter.com/axiomatics
> 
> 
> 
> 
> -- 
> David Brossard, M.Eng, SCEA, CSTP
> Product Manager
> +46(0)760 25 85 75
> Axiomatics AB
> Skeppsbron 40
> S-111 30 Stockholm, Sweden
> http://www.linkedin.com/companies/536082
> http://www.axiomatics.com
> http://twitter.com/axiomatics