The XACML-JSON PDP API converts batch decision responses to a XACML-JSON response.
XACML-JSON responses include decisions, such as Permit
or
Deny
, and any obligations or advice that matched during policy
processing.
Note:
The Policy Enforcement Point (PEP) must apply any obligations or advice.
The following table shows the mapping from a decision response to a XACML-JSON response.
Parent (JSON Path) | Field (JSON Path) | PingAuthorize Trust Framework type |
---|---|---|
$.Response[*] |
$.Decision |
Decision |
$.Response[*].Obligations[*] |
|
Advice (obligatory) |
$.Id |
Advice code | |
$.AttributeAssigments[?(@.AttributeId ==
"payload")].Value |
Advice payload | |
$.Response[*].AssociatedAdvice[*] |
|
Advice (non-obligatory) |
$.Id |
Advice code | |
$.AttributeAssigments[?(@.AttributeId ==
"payload")].Value |
Advice payload |
The following example is an appropriate response based on the request in Requests.
{
"Response": [{
"Decision": "Permit",
"Obligations": [{
"Id": "obligation-id",
"AttributeAssignments": [{
"AttributeId": "payload",
"Value": "payload-value"
}]
}],
"AssociatedAdvice": [{
"Id": "advice-id",
"AttributeAssignments": [{
"AttributeId": "payload",
"Value": "payload-value"
}]
}]
}]
}
In this example, it is up to the application server to handle the obligations and advice in the response.