OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: FW: XACML attestation



From: DANGERVILLE Cyril [mailto:cyril.dangerville@thalesgroup.com]
Sent: Tuesday, July 25, 2017 9:59 AM
To: David Brossard; Harold Lockhart
Cc: FERRARI Romain
Subject: RE: XACML attestation


Hello David,

As of now, we support the REST profile and we also support JSON on our REST API, but not according to the JSON profile specification. Nevertheless, we are quite interested in such attestation because we believe this could promote AuthzForce in a good way.


So short answer: today we don’t implement the JSON profile. Therefore, if you need to issue the statement shortly, then I’m afraid you can’t mention AuthzForce for the moment.

Long answer: we can add this to our roadmap. Therefore, if you don’t find any other candidate and you accept to delay your announcement, I can get back to you next week with a more precise answer, that is to say:

1) whether this actually feasible for us, and

2) when we can have it implemented if this is a matter of days or weeks.


I first need to check with my team what is the necessary effort to adapt our format to the JSON profile, and whether we can afford it.

Just to clarify on what is mandatory and what is not in the spec, because this is not absolutely clear to me, I have a few questions:

1.      Is it mandatory to support the JSON shorthand type codes for data-types (3.3.1)?

2.      Is it mandatory to support the shorthand notations for standard XACML categories (






From: David Brossard [mailto:david.brossard@axiomatics.com]
Sent: jeudi 20 juillet 2017 18:34
To: DANGERVILLE Cyril; Harold Lockhart
Subject: XACML attestation


Hi Cyril,


Right now the JSON profile of XACML is a committee specification. For it to become a standard, it needs to have 3 attestations of implementation or use.


An attestation looks like the following:


<company_name> has successfully implemented JSON Profile of XACML 3.0 Version 1.0 Committee Specification 01, approved on 11 December 2014, in accordance with the conformance clauses in Section 9. This did not include inter-operation with independent implementations.

Do you think you could issue such a statement on behalf of AuthZForce? I do believe it implements the REST and JSON profiles of XACML?






David Brossard
VP of Customer Relations

+1 312 774-9163

+1 502 922 6538

+46(0)760 25 85 75

525 W. Monroe Suite 2310
Chicago 60661

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]