Download your copy of our State of Authorization: Playbook Edition Get it now »

Does the JSON profile for XACML support MDP?

Axiomatics also supports the JSON over REST authorization interface on its PDPs, providing XACML support for MDP. Learn how.

JSON (JavaScript Object Notation) is a more lightweight and arguably a format that’s easier to work with than XML (Extensible Markup Language), which is typically used in data exchange (e.g request/response) between Policy Enforcement Point (PEP) and Policy Decision Point (PDP).

Multiple Decision Profile (MDP) is a standards-based way of grouping multiple, similar access requests into a single “batch” request which will reduce the performance cost incurred by over-the-network use.

The combined use of JSON and MDP should offer higher performance still.

I authored the JSON profile specification for XACML (eXtensible Access Control Markup Language), now part of the OASIS XACML 3.0 Standard.

As a result, Axiomatics also supports the JSON over REST authorization interface on its PDPs in our policy server.

Naturally, the full scope of the JSON profile is supported, including the use of MDP.

Example:

{ "Request": { "AccessSubject": { "Attribute": [ {"AttributeId":"employeeId","Value":"Alice"}    ] }, "Resource": [ {"Attribute": [ {"AttributeId":"recordId","Value":"123"} ]}, {"Attribute": [ {"AttributeId":"recordId","Value":"124"} ]} ], "Action": { "Attribute": [ {"AttributeId":"actionId","Value":"view"} ] } } }

This MDP Request asks “Can a user with the role Insurance Agent approve insurance claim 123 and 456?”.

Note the two resources that are bundled in the request.

If you’re interested in more details on JSON and MDP, check out these excellent resources:

If you’re also interested in learning more about how this works with Axiomatics, please reach out to our team and schedule a demo.


  Join us on LinkedIn for more insights
Archived under:
About the author

As Chief Technology Officer, David has experience leading the design and development of Salesforce’s identity offering including customer identity and access management (CIAM). He is a founding member of IDPro, a co-author of the OASIS XACML standard, and an expert on standard-based authorization as part of an overall IAM implementation.