OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] The Result object of a XACML JSON Response

Hi Steven,

Our implementation behaves the same way: single object for single decision. Array otherwise. I also concur that in the next version, only array will be allowed.

When we have gone through the following version, I will update the swagger I wrote. I would love to have it as a formal means to describe the profile.

David

On Thu, Jun 7, 2018 at 7:09 PM, Steven Legg <steven.legg@viewds.com> wrote:

Hi David,

On 8/06/2018 12:52 AM, David Brossard wrote:
Hi Steven, all

I am trying to get to the bottom of an issue with the JSON profile. Given you have looked at it extensively more recently than I have, I thought you might know the answer off the top of your mind.

 In section 5.2.1 <http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/cos01/xacml-json-http-v1.0-cos01.html#_Toc497727092> of the current spec, I wrote:

The Responseproperty MAY contain an array of Resultobjects.

What  I am trying to figure out is whether there is anything in the spec that allows the Response object to be the single Result object.

There wasn't anything that explicitly allowed it to be a single object, but the
MAY made the array optional. So if it's optional then what is it otherwise? Maybe
a single object!

Or was the MAY saying that the Response member is optional? I made the Response
member optional in the latest draft on that assumption, though in practice it
isn't because there has to be at least one result in the XML representation. If
you didn't intend to make, or have a reason for making, the Response member
optional then we should make it mandatory.

I know we are moving away from this behavior anyway. But if I did write that, then this would be a potentially bigger change than previously thought.

 The ViewDS implementation is accepting a single object or an array and sending
a single object when there is only one result. It will soon change to always
sending an array.

Regards,
Steven



--
David Brossard
Web: http://www.axiomatics.com <http://www.axiomatics.com/>
Axiomatics Blog <http://www.axiomatics.com/blog/> | Events <http://www.axiomatics.com/events.html> | Resources, Webinars & Whitepapers <http://www.axiomatics.com/resources.html>
Connect with us on LinkedIn <http://www.linkedin.com/companies/536082> | Twitter <http://twitter.com/axiomatics> | Google + <https://plus.google.com/u/1/b/101496487994084529291/> | Facebook <https://www.facebook.com/axiomatics> | YouTube <http://www.youtube.com/user/axiomaticsab> | Stackoverflow <https://stackoverflow.com/users/1021725/david-brossard>






--
David Brossard
VP of Customer Relations
+1 312 774-9163
+1 502 922 6538

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]