David, I think this document is close to Committee Specification(went through the emails on the list). So never mind on my comments. :) This is great work. Regards, Anil On 04/29/2014 08:45 AM, Anil Saldhana wrote: I am just echoing what is prevalent in the industry in terms of JSON payload. Eg: Section 4.1 of
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19 (JSON Web Token) While it is important to make the payload more human readable, we have to be prudent in terms of the size of the JSON payload, in a high volume environment. :) Developers read the payload only during initial setup, testing and triage_customer_complaints. ;) I would prefer JSON over Apache Thrift any day given that JSON is consumable directly by Ajax. :) Towards this, I feel the JSON profile for XACML is an important milestone in bringing fine grained authorization to the REST world. On 04/29/2014 06:38 AM, David Brossard wrote: I don't agree here. The main point of the JSON profile is to make a request and response more human-readable. If it was just about software-processing and efficiency, we should go for some binary format e.g. Apache Thrift. On Mon, Apr 28, 2014 at 4:16 PM, Anil Saldhana <
Anil.Saldhana@redhat.com > wrote: On 04/18/2014 06:54 PM, Gil Kirkpatrick (ViewDS) wrote: >> AccessSubject does contain a triple S in the middle Looksss alright to me. -gil From:
xacml@lists.oasis-open.org [ mailto:
xacml@lists.oasis-open.org ] On Behalf Of David Brossard Sent: Friday, 18 April 2014 7:13 AM To: xacml Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine Why not reduce the number of characters as these are processed by software? Res, Act,Env,AccessSubj,RecipientSubj,IntSubj,code,ReqMac etc? Just a thought, David. Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number Any objections? AccessSubject does contain a triple S in the middle Cheers, David.