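---
# Swagger 2.0 description of a XACML 3.0 authorization (PDP) endpoint.
# The request/response schemas referenced below live under `definitions:`.
swagger: "2.0"
info:
  description: >-
    This is the XACML 3.0 REST endpoint, a XACML 3.0 authorization service.
    You can find out more about XACML at
    [https://www.oasis-open.org/committees/xacml/](https://www.oasis-open.org/committees/xacml/)
    and on [Wikipedia](https://en.wikipedia.org/wiki/XACML).
  version: "1.0.0"
  title: "XACML 3.0 Authorization Service"
  contact:
    email: "xacml@lists.oasis-open.org"
  license:
    name: "OASIS Open"
    url: "https://www.oasis-open.org/resources/open-repositories/licenses"

# NOTE(review): plain "http" is advertised next to "https", so authorization
# requests and decisions may travel unencrypted; consider "https" only where
# the deployment allows it.
schemes:
  - "http"
  - "https"

# NOTE(review): no securityDefinitions/security requirement is declared, so as
# written any client can ask the PDP for decisions; confirm whether callers are
# expected to authenticate.
paths:
  /authorize:
    post:
      tags:
        - "authorize"
      # NOTE(review): the summary mentions XML, but only application/xacml+json
      # is declared in consumes/produces below.
      summary: >-
        Send a XACML 3.0 authorization request in JSON or XML and get a
        decision back.
      description: >-
        Use this method to send an authorization request which will be
        processed by the Policy Decision Point (PDP). The PDP will produce a
        response and return it to the client. The response will contain at
        least one decision (either of Permit, Deny, NotApplicable, or
        Indeterminate) according to the XACML standard. This JSON interface
        supports the Multiple Decision Profile.
      operationId: "authorize"
      consumes:
        - "application/xacml+json"
      produces:
        - "application/xacml+json"
      parameters:
        - in: "body"
          name: "body"
          description: "The XACML 3.0 request that needs to be evaluated."
          required: true
          schema:
            $ref: "#/definitions/Request"
      responses:
        # Status codes are quoted: Swagger 2.0 response keys are strings, and
        # an unquoted 200 is read as an integer by YAML parsers.
        "200":
          description: "An authorization decision was returned."
          schema:
            $ref: "#/definitions/Response"
        "400":
          description: "Invalid request."
        "500":
          description: >-
            Internal server error - the PDP could not process the incoming
            request.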
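# Schema objects for the /authorize request and response bodies. Attribute and
# category identifiers are modelled as plain strings; the inline comments mark
# where the original author expected a URI.
definitions:
  Request:
    type: "object"
    required:
      - AccessSubject
      - Resource
      - Action
    properties:
      AccessSubject:
        $ref: "#/definitions/AttributeArray"
      Action:
        $ref: "#/definitions/AttributeArray"
      Resource:
        $ref: "#/definitions/AttributeArray"
      Environment:
        $ref: "#/definitions/AttributeArray"
      # Custom categories that have no shorthand property of their own.
      Category:
        $ref: "#/definitions/CategoryArray"
      XPathVersion:
        type: "string"
        default: "http://www.w3.org/TR/1999/REC-xpath-19991116"
      ReturnPolicyIdList:
        type: "boolean"
        description: >-
          Determines whether the PDP will return the list of identifiers of
          the policies that were used in the decision making process.
        default: false
      CombinedDecision:
        type: "boolean"
        default: false
        description: >-
          In the case of a multiple decision profile request, tells the PDP
          to combine each result's decision into a single decision and return
          that.

  Response:
    $ref: "#/definitions/ResultArray"

  AttributeArray:
    type: "array"
    items:
      $ref: "#/definitions/Attribute"

  CategoryArray:
    type: "array"
    description: >-
      Use the Category property when you want to use custom categories for
      which there are no shorthand notations (Resource, Action, Environment,
      AccessSubject, RecipientSubject, IntermediarySubject, Codebase,
      RequestingMachine).
    items:
      type: "object"
      properties:
        CategoryId:
          type: "string"
          description: >-
            the identifier of the category this object contains attributes
            for. The full-blown URI or the equivalent shorthand notation must
            be used e.g. urn:oasis:names:tc:xacml:3.0:attribute-category:resource
            or Resource. Custom values are also accepted so long as they are
            valid URIs. Whitespaces are not allowed.
        Id:
          type: "string"
          description: >-
            This is an optional identifier for this specific object. The
            identifier may be used when constructing a Multiple Decision
            Request
        # NOTE(review): this value carries XML that the PDP parses server-side;
        # confirm the PDP's XML parser disables external entity resolution.
        Content:
          type: "string"
          description: >-
            A XACML request can contain XML content that is passed in as part
            of the category it belongs to. The XML content needs to be either
            encoded or escaped as explained in the JSON profile of XACML.
        Attribute:
          $ref: "#/definitions/AttributeArray"

  ResultArray:
    type: "array"
    items:
      $ref: "#/definitions/Result"

  Result:
    type: "object"
    description: >-
      A typical response will contain a single result. In the case of a
      Multiple Decision Request, the Response may contain an array of Result
      objects.
    required:
      - Decision
    properties:
      Decision:
        type: "string"
        enum: [Permit, Deny, NotApplicable, Indeterminate]
      # this object still needs to be completed
      Status:
        type: "object"
        properties:
          StatusMessage:
            type: "string"
          StatusDetail:
            type: "string"
          StatusCode:
            type: "object"
            properties:
              Value:
                type: "string"  # should be URI
                default: "urn:oasis:names:tc:xacml:1.0:status:ok"
      Obligations:
        $ref: "#/definitions/ObligationArray"
      # Advice reuses the Obligation shape (Id + AttributeAssignment).
      AssociatedAdvice:
        $ref: "#/definitions/ObligationArray"
      # NOTE(review): CategoryArray is itself an array, so this declares an
      # array of arrays, whereas Request.Category references CategoryArray
      # directly; confirm which shape the PDP actually emits.
      Category:
        type: "array"
        items:
          $ref: "#/definitions/CategoryArray"
      PolicyIdentifierList:
        $ref: "#/definitions/PolicyIdentifier"

  ObligationArray:
    type: "array"
    items:
      $ref: "#/definitions/Obligation"

  Obligation:
    type: "object"
    properties:
      Id:
        type: "string"  # should be URI
      AttributeAssignment:
        type: "array"
        items:
          type: "object"
          properties:
            AttributeId:
              type: "string"  # this should really be a URI
            Value:
              type: "string"
            Category:
              type: "string"
              description: "the identifier of the category the attribute belongs to."
            DataType:
              $ref: "#/definitions/DataType"
            Issuer:
              type: "string"

  Attribute:
    type: "object"
    required:
      - AttributeId
      - Value
    properties:
      AttributeId:
        type: "string"  # this should really be a URI
      Value:
        type: "string"
      Issuer:
        type: "string"
      DataType:
        $ref: "#/definitions/DataType"

  # Shared by Attribute and AttributeAssignment so the list of XACML data
  # types is maintained in one place.
  DataType:
    type: "string"
    enum:
      - string
      - boolean
      - integer
      - double
      - time
      - date
      - dateTime
      - dayTimeDuration
      - yearMonthDuration
      - anyURI
      - hexBinary
      - base64Binary
      - rfc822Name
      - x500Name
      - ipAddress
      - dnsName
      - xpathExpression

  PolicyIdentifier:
    type: "object"
    properties:
      PolicyIdReference:
        type: "array"
        items:
          $ref: "#/definitions/IdReference"
      PolicySetIdReference:
        type: "array"
        items:
          $ref: "#/definitions/IdReference"

  IdReference:
    type: "object"
    properties:
      Id:
        type: "string"
      Version:
        type: "string"

externalDocs:
  description: "Find out more about the JSON Profile of XACML 3.0"
  url: "http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html"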