I am just echoing what is prevalent
in the industry in terms of JSON payload.
Eg: Section 4.1 of http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19
(JSON Web Token)
While it is important to make the payload more human readable,
we have to be prudent in terms of the size of
the JSON payload, in a high volume environment. :) Developers
read the payload only during initial setup, testing
and triage_customer_complaints. ;)
I would prefer JSON over Apache Thrift any day given that JSON
is consumable directly by Ajax. :) Towards this, I feel
the JSON profile for XACML is an important milestone in bringing
fine grained authorization to the REST world.
On 04/29/2014 06:38 AM, David Brossard wrote: