--- title: Requests description: The XACML-JSON PDP API first converts the XACML-JSON request to a batch decision request for the policy decision point to be consumed by the Policy Decision Service. Policies can match a decision request by Service, Domain, Action, or other attributes. component: pingauthorize version: 10.1 page_id: pingauthorize:pingauthorize_server_administration_guide:paz_xacml_json_decision_requests canonical_url: https://docs.pingidentity.com/pingauthorize/10.1/pingauthorize_server_administration_guide/paz_xacml_json_decision_requests.html revdate: May 22, 2024 --- # Requests The XACML-JSON PDP API first converts the XACML-JSON request to a batch decision request for the policy decision point to be consumed by the Policy Decision Service. Policies can match a decision request by `Service`, `Domain`, `Action`, or other attributes. The following example XACML-JSON request body illustrates the conversion to a batch decision request. For an example with more than one decision request, see [Example](paz_xacml_json_peer_recognition_example.html). ```json { "Request": { "MultiRequests": { "RequestReference": [{ "ReferenceId": [ "dom", "act", "srv", "idp", "att" ] }] }, "AccessSubject": [{ "Id": "dom", "Attribute": [{ "AttributeId": "domain", "Value": "Sales.Asia Pacific" }] }], "Action": [{ "Id": "act", "Attribute": [{ "AttributeId": "action", "Value": "Retrieve" }] }], "Resource": [{ "Id": "srv", "Attribute": [{ "AttributeId": "service", "Value": "Mobile.Landing page" }] }], "Environment": [{ "Id": "idp", "Attribute": [{ "AttributeId": "symphonic-idp", "Value": "Social networks.Spacebook" }] }], "Category": [{ "Id": "att", "Attribute": [{ "AttributeId": "attribute:Prospect name", "Value": "B. Vo" }] }] } } ``` The previous example shows a single decision request with the following attributes: * A domain of `Sales.Asia Pacific` * An action of `Retrieve` * A service of `Mobile.Landing page` * An identity provider of `Social networks.Spacebook` * A single attribute named `Prospect name`, with a value of `B. Vo` The following table shows how these values map from the Trust Framework entities to the XACML-JSON request. | Parent (JSON Path) | Field (JSON Path) | PingAuthorize Trust Framework type | Example value | | ------------------ | ------------------------------------------------------------------------------ | ---------------------------------------------- | ---------------------------- | | `$.Request` | `$.AccessSubject[*].Attribute[?(@.AttributeId == "domain")].Value` | Domain | `Sales.Asia Pacific` | | | `$.Action[*].Attribute[?(@.AttributeId == "action")].Value` | Action | `Retrieve` | | | `$.Resource[*].Attribute[?(@.AttributeId == "service")].Value` | Service | `Mobile.​Landing page` | | | `$.Environment[*].Attribute[?(@.AttributeId == "symphonic-idp")].Value` | Identity Provider | `Social Networks.​Spacebook` | | | `$.Category[*].Attribute[?(@.AttributeId == "attribute:Prospect name")].Value` | Other Attribute (`Prospect name` in this case) | `B. Vo` | To illustrate how you can match rules against the `Prospect name` Trust Framework attribute, the following image shows how `Prospect name` is defined in the Policy Editor. In this example, the `Prospect name` attribute has a Request resolver and a **Value Settings Type** of `String`. ![Screen capture of the Attributes tab of the Trust Framework window in the Policy Editor. The Prospect name attribute is displayed configured as specified.](_images/azw1585224511059.png) | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------- | | | The Trust Framework attribute name must be a case-sensitive match with the decision request `AttributeId` after the `attribute:` prefix is removed. |