OASIS eXtensible Access Control Markup Language (XACML) TC


List of pending issues (backlog)

  • 1.  List of pending issues (backlog)

    Posted 07-21-2023 08:50
    (I'm resending this email in plain text to see if this doesn't go into people's spam folder this time, although my previous email is already visible in the list archive online.)

    Hello all,

    I have (re)joined the XACML TC recently, and as I have a few issues to add to the TC's "backlog" for later discussion, I am looking for a place in the TC workspace where you keep track of pending issues. Is there such a place? I've seen the "Wishlist" page on the wiki but it seems quite old.

    To give an idea, some issues of interest to me:

    1) Changes to XACML core spec:
       a. Backward-compatible / non-breaking changes:
          i. Add <VariableReference> as third choice in Target <Match> (in addition to AttributeDesignator, AttributeSelector)
          ii. Add <VariableDefinition>s as optional elements in <PolicySet> and <Rule> (like in <Policy>)
          iii. Support JsonPath evaluation in <AttributeDesignator>, by adding optional attribute 'contentType' (for example) = 'JSON' or 'XML' ('XML' is the default value), to indicate whether the <Content> must be processed as 'JSON' object instead of XML, and the 'Path' handled as JsonPath according to this draft RFC: https://datatracker.ietf.org/doc/draft-ietf-jsonpath-base/ . For this one, it may be safer to wait for it to become an IETF standard. But it's good to anticipate.
       b. Breaking/non-backward-compatible changes to XACML core spec, therefore to be considered rather for XACML 4.0:
          i. XSD simplification: replace Obligation/Advice(Expression) elements with one PepAction(Expression) element and an XML attribute required='true' (for Obligation) or 'false' (for Advice)
    2) New profiles:
       a. YAML Profile of XACML: for writing XACML policies in YAML.

    Kind regards,
    Cyril

    Cyril Dangerville
    Security Architect, CISSP
    THALES