+

Does the JSON profile for XACML support MDP

JSON, or JavaScript Object Notation is a more lightweight and arguably a more easy-to-work with format than XML which is typically used in data exchange (e.g request/response) between Policy Enforcement Point (PEP) and Policy Decision Point (PDP).

MDP, or Multiple Decision Profile is a standards-based way of grouping multiple similar access requests into a single “batch” request which will reduce the performance cost incurred by over-the-network use. The combined use of JSON and MDP then should offer higher performance still.

Axiomatics own David Brossard authored the JSON profile specification for XACML, now part of the OASIS XACML 3.0 Standard. As a consequence, Axiomatics also supports the JSON over REST authorization interface on its PDP’s in Axiomatics Policy Server (APS).   

Naturally, the full scope of the JSON profile is supported, including the use of MDP.

Example

{ "Request": { "AccessSubject": { "Attribute": [ {"AttributeId":"employeeId","Value":"Alice"}     ] }, "Resource": [  {"Attribute": [ {"AttributeId":"recordId","Value":"123"} ]}, {"Attribute": [ {"AttributeId":"recordId","Value":"124"} ]} ], "Action": { "Attribute": [ {"AttributeId":"actionId","Value":"view"} ] } } }

This MDP Request asks “Can a user with the role Insurance Agent approve insurance claim 123 and 456”? Note the two resources that are bundled in the request.

For Further Details on JSON and MDP

 

If you have any question related to access control in need of an answer, send them to [email protected].

 

Related Articles

Meeting today’s dynamic authorization and access challenges: The Axiomatics story | Dynamically Speaking
Dynamically Speaking
For more than 15 years, Axiomatics has worked with companies worldwide to define and deliver solutions to the most complex authorization and access challenge. In...
Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...