OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
  • 1.  REST Profile - General Plan

    Posted 05-16-2012 20:15
    I have a number of different kinds of comments about the REST Profile and Media types which will post separately to allow the discussion to take place in distinct threads. I am not clear on what the general plan for this work is. First, Robin Cover noted that the IANA submission must refer to a document that is either an IETF RFC or an OASIS Standard (in our case). I assume that we are not doing an RFC, so we must bring the Media Types doc to Oasis Standard before doing the IANA submission. Agreed? Second, I assume the Media types document should refer to a document which has at least some level of approval. Does everyone agree on this? Is CD sufficient? CS? Next question is, do we plan to put the JSON material and everything else related in the REST Profile doc, or have a separate doc for some of it? Assuming a single doc, are we planning to complete it and then move it to CS and OS or attempt to standardize a preliminary doc which is missing some of the material? Assuming we will complete it and then move it forward, is there any necessary ordering between reaching any particular stage of the REST and media Profiles? Is there anything else we need to agree on with respect for the work plan? Hal


  • 2.  RE: [xacml] REST Profile - General Plan

    Posted 05-16-2012 20:26
    I believe we discussed on the last call that we would remove JSON from the XACML media type document and pursue JSON representation of XACML in a separate track. When the JSON profile is sorted out by the TC, then we can consider another IANA submission for a JSON media type, referencing the approved JSON profile. -Danny Danny Thorpe Product Architect Quest Software - Now including the people and products of BiTKOO www.quest.com


  • 3.  RE: [xacml] REST Profile - General Plan

    Posted 05-16-2012 21:26
    Hal, >


  • 4.  RE: [xacml] REST Profile - General Plan

    Posted 05-17-2012 14:24
    > > I am not clear on what the general plan for this work is. > > My proposal was the following: > http://lists.oasis-open.org/archives/xacml/201205/msg00006.html > > My bad, I missed this message. > > First, Robin Cover noted that the IANA submission must refer to a > > document that is either an IETF RFC or an OASIS Standard (in our > case). > > I assume that we are not doing an RFC, so we must bring the Media > > Types doc to Oasis Standard before doing the IANA submission. Agreed? > > Actually, I'm leaning more towards an RFC: > http://lists.oasis-open.org/archives/xacml/201205/msg00006.html Ok, I am ignorant of what level of approval the RFC needs to get. Can you just get a number and write it up as informational, or do you need to create a working group, etc.? > > > > Second, I assume the Media types document should refer to a document > > which has at least some level of approval. Does everyone agree on > this? > > Is CD sufficient? CS? > > Per Robin's statement above it should be OS, right? What I was thinking of, was the case where the Media Types doc simply pointed at the REST Profile. If we are dropping the media types document, this question is moot. > > > > Next question is, do we plan to put the JSON material and everything > > else related in the REST Profile doc, or have a separate doc for some > > of it? > > Current consensus seems to be a separate document. David Brossard > proposed his 'JSON over HTTP' profile: > http://lists.oasis-open.org/archives/xacml/201205/msg00012.html > But we may have to rename it? > It may make sense to have a separate document for the JSON format of requests and perhaps policies, but I would think the material about how to put it in a message and process requests and responses would involve a lot of duplication between the two documents, which is usually a bad idea. I would like to hear other opinions on this. > > > Assuming a single doc, are we planning to complete it and then move > it > > to CS and OS or attempt to standardize a preliminary doc which is > > missing some of the material? > > I vote we complete it and then move it forward. > > > > Assuming we will complete it and then move it forward, is there any > > necessary ordering between reaching any particular stage of the REST > > and media Profiles? > > The JSON profile is independent of anything else, as is the > registration of the XML format. > > The REST profile needs a representation (and would ideally reference > the JSON and XML formats), but the meat of the profile can move forward > without knowledge of the details of any such representation. So we may > need to wait until the XML and JSON stuff is "done" to finalize the > REST profile, but we can surely work on it in the mean time. > So far what I have heard (outside the TC) is a lot of interest in REST with no XML, but not a whole lot of interest in XML over HTTP. What do others think? Hal


  • 5.  RE: [xacml] REST Profile - General Plan

    Posted 05-17-2012 20:56
    Hal, >


  • 6.  RE: [xacml] REST Profile - General Plan

    Posted 05-19-2012 10:04
    Hal, >