-
Type: Task
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Component/s: First public review
-
Labels:None
Submitted on Thursday, August 8, 2013 - 16:59
Submitted by user:
Submitted values are:
Submitter's Name: william parducci
TC Name: eXtensible Access Control Markup Language (XACML)
TC Email Address: xacml@lists.oasis-open.org
Work Product Title: Request / Response Interface based on JSON and HTTP for
XACML 3.0 Version 1.0
Committee Specification Draft ##: CSD-01
CSD URI: TBD
Additional Resources : http://
Approval Link:
https://lists.oasis-open.org/archives/xacml/201307/msg00026.html
Abstract:
With the rise in popularity of APIs and its consumerization, it becomes
important for XACML to be easily understood in order to increase the
likelihood
it will be adopted. In particular, XML is often considered to be too verbose.
Developers increasingly prefer a lighter representation using JSON, the
JavaScript object notation.
This profile aims at defining a JSON format for the XACML request and
response.
It also defines the transport between client (PEP) and service (PDP).
TC Description: XACML is expected to address fine grained control of
authorized
activities, the effect of characteristics of the access requestor, the
protocol
over which the request is made, authorization based on classes of activities,
and content introspection (i.e. authorization based on both the requestor and
potentially attribute values within the target where the values of the
attributes may not be known to the policy writer). XACML is also expected to
suggest a policy authorization model to guide implementers of the
authorization
mechanism.
Notification List:
Notes:
The results of this submission may be viewed at:
http://tools.oasis-open.org/issues/browse/TCADMIN