Is there a JSON profile to define XACML policies?


I'm a novice in the XACML world. I've read some documentation regarding the JSON and REST profiles of the v3.0 standard, but everything I can find is related to XACML requests and responses and not policies (which is the part I'm interested in).

Is there any documentation about how XACML policies should be defined using a JSON profile instead of the traditional XML format?


Solution

  • No, there isn't at the moment. The JSON profile of XACML only deals with XACML requests and responses. The idea behind the profile is to provide a more lightweight way of sending and receiving XACML requests / responses.

    Since policies are typically at rest, the encoding of the policy doesn't matter so much.

    That said, there are 3 initiatives you may be interested in:

    • the ALFA profile of XACML: this is a pseudo-code notation used to write XACML policies in an easy way. Axiomatics, the company I work for, is currently submitting the spec to the OASIS XACML Technical Committee as a profile.
    • Bernard Butler of the Waterford Institute of Technology did implement XACML policies in JSON. You can find some of his work here. It uses a lot of the same ideas used in the JSON profile.
    • Ron Turner of nMed LLC has also done some work in that space. You can find a presentation on the topic here.