Is there a JSON profile to define XACML policies?

老子叫甜甜 提交于 2019-12-04 05:09:43

No there isn't at the moment. The JSON profile of XACML only deals with XACML requests and responses. The idea behind the profile is to provide a more lightweight way of sending and receiving XACML requests / responses.

Since policies are typically at rest, the encoding of the policy doesn't matter so much.

That said, there are 3 initiatives you may be interested in:

  • the ALFA profile of XACML: this is a pseudo-code notation used to write XACML policies in an easy way. Axiomatics, the company I work for, is currently submitting the spec to the OASIS XACML Technical Committee as a profile.
  • Bernard Butler of the Waterford Institute of Technology did implement XACML policies in JSON. You can find some of his work here. It uses a lot of the same ideas used in the JSON profile
  • Ron Turner of nMed LLC has also done some work in that space. You can find a presentation on the topic here.

There is no standard JSON format for XACML policies, as already answered. Yet there are well-known conventions to convert XML to JSON (with limitations), mostly used by REST API frameworks. So if you know the XML format, the convention tells you the JSON format. For example, Apache CXF used to support two conventions: Badgerfish and the mapped convention. Badgerfish is no longer maintained in CXF therefore the mapped convention is preferred now.

The mapped convention is what AuthzForce Server - another ABAC/XACML implementation - uses for the RESTful PAP (Policy Administration Point) API, so that you can manage XACML policies in either XML (standard XACML) or JSON format. We used the JSON format for Javascript-based apps (e.g. web user interface) in particular.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!