Use cases for the REST profile for XACML v3.0

  1. POST a XACML Request (in XML) to a PDP and receive a XACML Response. This would provide a simple means to test PDPs, verify policy evaluation, and compare implementations. Performance and scalability tests could be scripted using command-line tools such as wget or curl.

  2. GET a XACML Policy or PolicySet from a PAP using a predictable URI formed with the PolicyId or PolicySetId (such as http://example.com/pap-service/policies/ExportPolicy).

  3. Authorization-as-a-Service In a cloud environment, all functionality is exposed over the network in the form of web services. The trend in web services is away from complex SOAP implementations to simpler REST architectures, driven by performance considerations, the desire for smaller technology stacks (e.g. JavaScript only), and easier upgrade paths. For authorization, these web services include functionality that deals with both the PDP and PAP, since policies need to be created before they can be evaluated. To allow the largest possible audience as consumers of the service, different media types should be supported: at a minimum XML and JSON.

Requirements for the REST profile for XACML v3.0

RestProfileRequirements (last edited 2012-02-09 19:16:53 by remon.sinnema)