XACML-JSON responses include decisions, such as Permit or Deny, and any obligations or advice that matched during policy processing.

Note: The Policy Enforcement Point (PEP) must apply any obligations or advice.

The following table shows the mapping from a decision response to a XACML-JSON response.

| Parent (JSON Path) | Field (JSON Path) | PingAuthorize Trust Framework type |
|---|---|---|
| `$.Response[*]` | `$.Decision` | Decision |
| `$.Response[*].Obligations[*]` | | Advice (obligatory) |
| | `$.Id` | Advice code |
| | `$.AttributeAssignments[?(@.AttributeId == "payload")].Value` | Advice payload |
| `$.Response[*].AssociatedAdvice[*]` | | Advice (non-obligatory) |
| | `$.Id` | Advice code |
| | `$.AttributeAssignments[?(@.AttributeId == "payload")].Value` | Advice payload |

The following example is an appropriate response based on the request in Requests.

{
  "Response": [{
    "Decision": "Permit",
    "Obligations": [{
      "Id": "obligation-id",
      "AttributeAssignments": [{
        "AttributeId": "payload",
        "Value": "payload-value"
      }]
    }],
    "AssociatedAdvice": [{
      "Id": "advice-id",
      "AttributeAssignments": [{
        "AttributeId": "payload",
        "Value": "payload-value"
      }]
    }]
  }]
}

In this example, it is up to the application server to handle the obligations and advice in the response.
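
The PEP side of this exchange, as an added example (not PingAuthorize code): it reads the decision, obligations and advice from the response above and denies unless every obligation has been applied, which is the fail-closed rule the XACML standard sets for obligations. The handler dictionaries and the function names are assumptions made for the illustration.

```python
import json

# Constructed sample: the response shown above, as the PEP would receive it.
SAMPLE = """{"Response": [{"Decision": "Permit",
  "Obligations": [{"Id": "obligation-id", "AttributeAssignments":
    [{"AttributeId": "payload", "Value": "payload-value"}]}],
  "AssociatedAdvice": [{"Id": "advice-id", "AttributeAssignments":
    [{"AttributeId": "payload", "Value": "payload-value"}]}]}]}"""


def _statements(result, key):
    """Yield (advice code, payload) for each entry under Obligations or AssociatedAdvice."""
    for item in result.get(key) or []:
        assignments = item.get("AttributeAssignments") or []
        payload = next((a.get("Value") for a in assignments
                        if a.get("AttributeId") == "payload"), None)
        yield item["Id"], payload


def enforce(raw, obligation_handlers, advice_handlers=None):
    """Return True only for an all-Permit response whose obligations were all applied.

    The handler dicts (advice code -> callable taking the payload) are hypothetical
    application hooks. Anything unexpected fails closed.
    """
    advice_handlers = advice_handlers or {}
    try:
        results = json.loads(raw)["Response"]
        allowed = bool(results)                      # empty Response is not a Permit
        for result in results:
            if result["Decision"] != "Permit":       # Deny, NotApplicable, Indeterminate
                allowed = False
            for code, payload in _statements(result, "Obligations"):
                obligation_handlers[code](payload)   # unknown code -> KeyError -> deny
            for code, payload in _statements(result, "AssociatedAdvice"):
                if code in advice_handlers:          # unknown advice code is skipped
                    advice_handlers[code](payload)
    except Exception:
        return False                                 # malformed response or failed handler
    return allowed
```

Obligations attached to a non-Permit decision are still applied here; only the return value changes.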