OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
  • 1.  Shorthand notation of the default XACML 3.0 categories in JSON

    Posted 04-17-2014 21:14
    Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number Any objections? AccessSubject does contain a triple S in the middle Cheers, David.


  • 2.  RE: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

    Posted 04-18-2014 23:55
    >> AccessSubject does contain a triple S in the middle   Looksss alright to me.   -gil   From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of David Brossard Sent: Friday, 18 April 2014 7:13 AM To: xacml Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON   Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine     Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number   Any objections? AccessSubject does contain a triple S in the middle   Cheers, David.


  • 3.  Re: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

    Posted 04-28-2014 14:17
    On 04/18/2014 06:54 PM, Gil Kirkpatrick (ViewDS) wrote: >> AccessSubject does contain a triple S in the middle   Looksss alright to me.   -gil   From: xacml@lists.oasis-open.org [ mailto:xacml@lists.oasis-open.org ] On Behalf Of David Brossard Sent: Friday, 18 April 2014 7:13 AM To: xacml Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON   Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine     Why not reduce the number of characters as these are processed by software? Res, Act,Env,AccessSubj,RecipientSubj,IntSubj,code,ReqMac etc? Just a thought, David. Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number   Any objections? AccessSubject does contain a triple S in the middle   Cheers, David.


  • 4.  Re: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

    Posted 04-29-2014 11:38
    I don't agree here. The main point of the JSON profile is to make a request and response more human-readable. If it was just about software-processing and efficiency, we should go for some binary format e.g. Apache Thrift. On Mon, Apr 28, 2014 at 4:16 PM, Anil Saldhana < Anil.Saldhana@redhat.com > wrote: On 04/18/2014 06:54 PM, Gil Kirkpatrick (ViewDS) wrote: >> AccessSubject does contain a triple S in the middle   Looksss alright to me.   -gil   From: xacml@lists.oasis-open.org [ mailto:xacml@lists.oasis-open.org ] On Behalf Of David Brossard Sent: Friday, 18 April 2014 7:13 AM To: xacml Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON   Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine     Why not reduce the number of characters as these are processed by software? Res, Act,Env,AccessSubj,RecipientSubj,IntSubj,code,ReqMac etc? Just a thought, David. Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number   Any objections? AccessSubject does contain a triple S in the middle   Cheers, David. -- David Brossard, M.Eng, SCEA, CSTP VP of Customer Relations +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden Support: https://support.axiomatics.com   Web:  http://www.axiomatics.com Axiomatics for developers: http://developers.axiomatics.com Connect with us on  LinkedIn     Twitter     Google +     Facebook   YouTube


  • 5.  Re: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

    Posted 04-29-2014 13:46
    I am just echoing what is prevalent in the industry in terms of JSON payload. Eg:  Section 4.1 of http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19    (JSON Web Token) While it is important to make the payload more human readable, we have to be prudent in terms of the size of the JSON payload, in a high volume environment. :)  Developers read the payload only during initial setup, testing and triage_customer_complaints. ;) I would prefer JSON over Apache Thrift any day given that JSON is consumable directly by Ajax. :) Towards this, I feel the JSON profile for XACML is an important milestone in bringing fine grained authorization to the REST world. On 04/29/2014 06:38 AM, David Brossard wrote: I don't agree here. The main point of the JSON profile is to make a request and response more human-readable. If it was just about software-processing and efficiency, we should go for some binary format e.g. Apache Thrift. On Mon, Apr 28, 2014 at 4:16 PM, Anil Saldhana < Anil.Saldhana@redhat.com > wrote: On 04/18/2014 06:54 PM, Gil Kirkpatrick (ViewDS) wrote: >> AccessSubject does contain a triple S in the middle   Looksss alright to me.   -gil   From: xacml@lists.oasis-open.org [ mailto:xacml@lists.oasis-open.org ] On Behalf Of David Brossard Sent: Friday, 18 April 2014 7:13 AM To: xacml Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON   Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine     Why not reduce the number of characters as these are processed by software? Res, Act,Env,AccessSubj,RecipientSubj,IntSubj,code,ReqMac etc? Just a thought, David. Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number   Any objections? AccessSubject does contain a triple S in the middle   Cheers, David.  


  • 6.  Re: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON

    Posted 04-29-2014 14:11
    David,   I think this document is close to Committee Specification(went through the emails on the list).  So never mind on my comments. :) This is great work. Regards, Anil On 04/29/2014 08:45 AM, Anil Saldhana wrote: I am just echoing what is prevalent in the industry in terms of JSON payload. Eg:  Section 4.1 of http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19    (JSON Web Token) While it is important to make the payload more human readable, we have to be prudent in terms of the size of the JSON payload, in a high volume environment. :)  Developers read the payload only during initial setup, testing and triage_customer_complaints. ;) I would prefer JSON over Apache Thrift any day given that JSON is consumable directly by Ajax. :) Towards this, I feel the JSON profile for XACML is an important milestone in bringing fine grained authorization to the REST world. On 04/29/2014 06:38 AM, David Brossard wrote: I don't agree here. The main point of the JSON profile is to make a request and response more human-readable. If it was just about software-processing and efficiency, we should go for some binary format e.g. Apache Thrift. On Mon, Apr 28, 2014 at 4:16 PM, Anil Saldhana < Anil.Saldhana@redhat.com > wrote: On 04/18/2014 06:54 PM, Gil Kirkpatrick (ViewDS) wrote: >> AccessSubject does contain a triple S in the middle   Looksss alright to me.   -gil   From: xacml@lists.oasis-open.org [ mailto:xacml@lists.oasis-open.org ] On Behalf Of David Brossard Sent: Friday, 18 April 2014 7:13 AM To: xacml Subject: [xacml] Shorthand notation of the default XACML 3.0 categories in JSON   Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource Resource urn:oasis:names:tc:xacml:3.0:attribute-category:action Action urn:oasis:names:tc:xacml:3.0:attribute-category:environment Environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject AccessSubject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject RecipientSubject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject IntermediarySubject urn:oasis:names:tc:xacml:1.0:subject-category:codebase Codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine RequestingMachine     Why not reduce the number of characters as these are processed by software? Res, Act,Env,AccessSubj,RecipientSubj,IntSubj,code,ReqMac etc? Just a thought, David. Convention: Capitalize all words in TitleCase Remove all non alphanumerical characters Names must start with a letter, not a number   Any objections? AccessSubject does contain a triple S in the middle   Cheers, David.