Profile

Ray, I understand that. My point was that fully resolving policy references is a runtime concern with clearly defined expectations in the core spec, and there's no need to require the PAP to be able to resolve all references during policy upload. Regards, Craig ------- craig forster ...

Prateek, I didn't mean to suggest that the runtime and administration pieces couldn't be tackled separately, just that calling an XACML over HTTP POST (using XML or JSON) a "REST" protocol is a misnomer (IMO). I completely agree that a runtime profile could be knocked out fairly quickly. However, how ...

In my view, a common use of the REST profile will be for the PDP to fetch policies from a PAP / policy repository. A key part of this process will be finding the URI of a policy based on it's PolicyId/PolicySetId, as we've already determined that these two are separate (that is, one can't derive the ...

>> we should split off the policy management aspects into a different profile and drive the REST-based decision request to completion. Without the policy administration, there's nothing left that is "REST". All we have is a HTTP POST binding for XACML requests and responses, with perhaps a JSON representation. ...

My opinion on this is that the core specification clearly states what to do when a PolicyIdReference or PolicySetIdReference can't be resolved: If resolving the reference fails, the reference evaluates to “Indeterminate” with status code urn:oasis:names:tc:xacml:1.0:status:processing-error. ...