ContextId JSON example

The ContextId attribute must contain the full policy key, that is the server and the resourceUri.

For a reverse proxy resource with the server isam.ibm.com-default and resourceUri /protected, the corresponding XACML JSON request would be:

{ 
    "Request": { 
        "Action": { 
            "Attribute": [ 
                { 
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id", 
                    "DataType": "string", "Value": "GET" 
                } 
            ] 
        },
        "Resource": { 
            "Attribute": [ 
                { 
                    "AttributeId": "urn:oasis:names:tc:xacml:1.0:resource:resource-id", 
                    "DataType": "string", "Value": "/protected" 
                } 
            ] 
        }, 
        "Environment": { 
            "Attribute": [ 
                { 
                    "AttributeId": "ContextId", "DataType": "string", "Value": 
                    "/WebSEAL/isam.ibm.com-default/protected", "Issuer": 
                    "http://security.tivoli.ibm.com/policy/distribution", 
                } 
            ] 
        }    } 
}

If the policy attached to isam.ibm.com-default/protected results in a Permit decision, the XACML JSON response would be:

{
    "Response": [
        {
            "Status": {
                "StatusCode": {
                    "Value":"urn:oasis:names:tc:xacml:1.0:status:ok"
                }            },
            "Decision":"Permit"
        }    ]
}

Parent topic: Invoking the RTSS XACML engine