Requests

The XACML-JSON PDP API first converts the XACML-JSON request to a batch decision request for the policy decision point to be consumed by the Policy Decision Service. Policies can match a decision request by Service, Domain, Action, or other attributes.

The example XACML-JSON request body illustrates the conversion to a batch decision request.

The example request shows a single decision request with the following attributes:

The following table shows how these values map from the Trust Framework entities to the XACML-JSON request.

Parent (JSON Path) Field (JSON Path) PingAuthorize Trust Framework type Example value
$.Request $.AccessSubject[*].Attribute[?(@.AttributeId == "domain")].Value Domain Sales.Asia Pacific
$.Action[*].Attribute[?(@.AttributeId == "action")].Value Action Retrieve
$.Resource[*].Attribute[?(@.AttributeId == "service")].Value Service Mobile.Landing page
$.Environment[*].Attribute[?(@.AttributeId == "symphonic-idp")].Value Identity Provider Social Networks.Spacebook
$.Category[*].Attribute[?(@.AttributeId == "attribute:Prospect name")].Value Other Attribute (`Prospect name` in this case) B. Vo

Responses

The XACML-JSON PDP API converts batch decision responses to a XACML-JSON response.

XACML-JSON responses include decisions, such as Permit or Deny, and any obligations or advice that matched during policy processing.

The following table shows the mapping from a decision response to an XACML-JSON response.

Parent (JSON Path) Field (JSON Path) PingAuthorize Trust Framework type
$.Response[*] $.Decision Decision
$.Response[*].Obligations[*] Advice (obligatory)
$.Id Advice code
$.AttributeAssigments[?(@.AttributeId == "payload")].Value Advice payload
$.Response[*].AssociatedAdvice[*] Advice (non-obligatory)
$.Id Advice code
$.AttributeAssigments[?(@.AttributeId == "payload")].Value Advice payload