Requests And Responses

Requests

The XACML-JSON PDP API first converts the XACML-JSON request to a batch decision request for the policy decision point to be consumed by the Policy Decision Service. Policies can match a decision request by Service, Domain, Action, or other attributes.

The example XACML-JSON request body illustrates the conversion to a batch decision request.

The example request shows a single decision request with the following attributes:

A domain of Sales.Asia Pacific
An action of Retrieve
A service of Mobile.Landing page
An identity provider of Social networks.Spacebook
A single attribute named Prospect name, with a value of B. Vo

The following table shows how these values map from the Trust Framework entities to the XACML-JSON request.

Parent (JSON Path) Field (JSON Path) PingAuthorize Trust Framework type Example value

Parent (JSON Path)	Field (JSON Path)	PingAuthorize Trust Framework type	Example value
`$.Request`	`$.AccessSubject[*].Attribute[?(@.AttributeId == "domain")].Value`	Domain	`Sales.Asia Pacific`
`$.Action[*].Attribute[?(@.AttributeId == "action")].Value`	Action	`Retrieve`
`$.Resource[*].Attribute[?(@.AttributeId == "service")].Value`	Service	`Mobile.Landing page`
`$.Environment[*].Attribute[?(@.AttributeId == "symphonic-idp")].Value`	Identity Provider	`Social Networks.Spacebook`
`$.Category[*].Attribute[?(@.AttributeId == "attribute:Prospect name")].Value`	Other Attribute (`Prospect name` in this case)	`B. Vo`

$.Request

$.AccessSubject[*].Attribute[?(@.AttributeId == "domain")].Value

Domain

Sales.Asia Pacific

$.Action[*].Attribute[?(@.AttributeId == "action")].Value

Action

Retrieve

$.Resource[*].Attribute[?(@.AttributeId == "service")].Value

Service

Mobile.Landing page

$.Environment[*].Attribute[?(@.AttributeId == "symphonic-idp")].Value

Identity Provider

Social Networks.Spacebook

$.Category[*].Attribute[?(@.AttributeId == "attribute:Prospect name")].Value

Other Attribute (Prospect name in this case)

B. Vo

Responses

The XACML-JSON PDP API converts batch decision responses to a XACML-JSON response.

XACML-JSON responses include decisions, such as Permit or Deny, and any obligations or advice that matched during policy processing.

Note: The Policy Enforcement Point (PEP) must apply any obligations or advice.

The following table shows the mapping from a decision response to an XACML-JSON response.

Parent (JSON Path) Field (JSON Path) PingAuthorize Trust Framework type

Parent (JSON Path)	Field (JSON Path)	PingAuthorize Trust Framework type
`$.Response[*]`	`$.Decision`	Decision
`$.Response[].Obligations[]`		Advice (obligatory)
`$.Id`	Advice code
`$.AttributeAssigments[?(@.AttributeId == "payload")].Value`	Advice payload
`$.Response[].AssociatedAdvice[]`		Advice (non-obligatory)
`$.Id`	Advice code
`$.AttributeAssigments[?(@.AttributeId == "payload")].Value`	Advice payload

$.Response[*]

$.Decision

Decision

$.Response[].Obligations[]

Advice (obligatory)

$.Id

Advice code

$.AttributeAssigments[?(@.AttributeId == "payload")].Value

Advice payload

$.Response[].AssociatedAdvice[]

Advice (non-obligatory)