{"id":24475370,"url":"https://github.com/authzforce/xacml-json-model","last_synced_at":"2025-04-13T13:07:23.858Z","repository":{"id":40263465,"uuid":"111963276","full_name":"authzforce/xacml-json-model","owner":"authzforce","description":"Data model for JSON Profile of XACML 3.0","archived":false,"fork":false,"pushed_at":"2024-06-02T21:48:17.000Z","size":256,"stargazers_count":16,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"develop","last_synced_at":"2025-04-13T13:07:07.481Z","etag":null,"topics":["json-schema","xacml"],"latest_commit_sha":null,"homepage":null,"language":"XSLT","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authzforce.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2017-11-24T23:45:09.000Z","updated_at":"2024-08-13T22:59:45.000Z","dependencies_parsed_at":"2022-08-17T19:50:33.107Z","dependency_job_id":"c8a3a252-42c1-4577-a5d1-e8f44850d943","html_url":"https://github.com/authzforce/xacml-json-model","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fxacml-json-model","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fxacml-json-model/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fxacml-json-model/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authzforce%2Fxacml-json-model/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authzforce","download_url":"https://codeload.github.com/authzforce/xacml-json-model/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248717242,"owners_count":21150389,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["json-schema","xacml"],"created_at":"2025-01-21T09:14:35.570Z","updated_at":"2025-04-13T13:07:23.838Z","avatar_url":"https://github.com/authzforce.png","language":"XSLT","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Javadocs](http://javadoc.io/badge/org.ow2.authzforce/authzforce-ce-xacml-json-model.svg)](http://javadoc.io/doc/org.ow2.authzforce/authzforce-ce-xacml-json-model)\n\n# XACML/JSON Request and Response JSON schema (XACML/JSON Profile standard) and validation\nThis project provides JSON schemas for validating XACML Requests/Responses according to JSON Profile of XACML 3.0:\n- [Request.schema.json](src/main/resources/org/ow2/authzforce/xacml/json/model/Request.schema.json) for validating XACML/JSON Requests;\n- [Response.schema.json](src/main/resources/org/ow2/authzforce/xacml/json/model/Response.schema.json) for validating XACML/JSON Responses.\n\nThe project also provides a [library](src/main/java/org/ow2/authzforce/xacml/json/model/XacmlJsonUtils.java) for validating XACML Requests/Responses against both these JSON schemas and security constraints in order to mitigate JSON parsing Denial-of-Service attacks, e.g. such as string size, array size, number of keys, depth (see [LimitsCheckingJSONObject class](src/main/java/org/ow2/authzforce/xacml/json/model/LimitsCheckingJSONObject.java)).\n\nCheck the [test classes](src/test/java) to find out usage examples.\n\n# XACML/JSON Policy JSON schema and validation\n\nAlthough the standard JSON Profile of XACML does not define a JSON format for XACML Policy(Set), this AuthzForce project defines such format in a JSON schema which can be used for validation:\n[Policy.schema.json](src/main/resources/org/ow2/authzforce/xacml/json/model/Policy.schema.json).\n\nThere are a few high-level differences between this JSON schema and the standard XACML/XML schema for Policies/PolicySets:\n* A more generic Policy model: \n  * No distinction between Policy and PolicySet in JSON schema, so a Policy and PolicySet definitions are merged, and Policy may enclose Policies (like a PolicySet may enclose PolicySets)\n  * Policy/Rule's Version is optional in JSON schema\n  * Policy may have a Condition (in addition to Target), like a Rule\n  * Match may have VariableReference instead of AttributeDesignator/AttributeSelector\n* Type PepActionExpression replaces Obligation/Advice with a boolean property \"required\" to make the difference (=true for Obligation, =false for Advice)\n* DataType defined at Attribute level, not AttributeValue level, like in standard XACML/JSON Profile\n* Apply must have at least one arg to the function\n* Several XACML/XML features are not translatable to JSON, or require a non-standard - possibly complex - convention or workaround to be translated to JSON, due to limitations of JSON, JSON Schema or of the implementation library (everit json-schema). See next section in this document for more info.\n\nMore info:\n- http://json-schema.org/draft-06/json-schema-release-notes.html#q-what-happened-to-all-the-discussions-around-re-using-schemas-with-additionalproperties\n- https://github.com/everit-org/json-schema/issues/184#issuecomment-393419878, should be fixed in next draft 08: https://github.com/json-schema-org/json-schema-org.github.io/issues/77\n\n# XACML/XML - XACML/JSON conversion\n\nBefore we present the various utilities for XACML/XML to XACML/JSON conversion, you should **be aware of the following limitations of JSON when compared to XML** as this may cause information loss in any XML-to-JSON conversion:\n- No multi-line string (used in XACML Description and AttributeValue elements)\n- No equivalent for XML mixed content (may be used in AttributeValues)\n- No comments (like XML comments).\n- No support for (object-oriented) inheritance/extension/polymorphism (may be used in AttributeValues): https://github.com/json-schema-org/json-schema-spec/issues/348\n- Much fewer built-in types, e.g. no date/time type: https://github.com/json-schema-org/json-schema-spec/issues/199\n- Other issues considered for next JSON schema drafts:\nhttps://github.com/json-schema-org/json-schema-spec/milestones\n\n## Converting XACML/XML Requests/Responses to JSON\nThis project provides XSLT stylesheets for XACML/XML Requests (and Responses) to XACML/JSON conversion according to JSON Profile of XACML:\n\n- [xacml-request-xml-to-json.xsl](src/test/resources/xacml-request-xml-to-json.xsl): XSLT stylesheet for XACML Request conversion;\n- [xacml-response-xml-to-json.xsl](src/test/resources/xacml-response-xml-to-json.xsl): XSLT stylesheet for XACML Response conversion;\n- [xacml-common-xml-to-json.xsl](src/test/resources/xacml-common-xml-to-json.xsl): XSLT stylesheet shared therefore required by previous stylesheets.\n\nIn order to use these, first download all of them to the same folder (or just do a `git clone` of the project), then pass the `xacml-request-xml-to-json.xsl` (resp. `xacml-response-xml-to-json.xsl`) file as stylesheet parameter to the XSLT processor for Request (resp. Response) conversion. \n\n**WARNING: the XSLT processor must support XSLT 3.0 or later**, e.g. [Saxon](https://www.saxonica.com/products/products.xml) 9.8+.\n\nHere is a command-line example to convert a XACML/XML Request with Saxon for Java (you may find the SAXON jar on [SAXONICA's website](https://www.saxonica.com/download/java.xml) or in your local Maven repository if you built this project from source already, e.g. `~/.m2/repository/net/sf/saxon/Saxon-HE/9.8.0-15/Saxon-HE-9.8.0-15.jar`):\n\n```\n$ java -jar Saxon-HE-9.8.0-15.jar -xsl:/path/to/xacml-request-xml-to-json.xsl -s:/path/to/xacml-request.xml -o:/path/to/request.json\n```\n*Remove the `-o` option if you don't want the output to a file but directly to the console.*\n\n## Converting XACML/XML Policy(Set) to JSON and vice versa\nAs mentioned before, this AuthzForce project provides its own JSON format for XACML Policy(Set) in a JSON schema. It also provides stylesheets to convert from the standard XACML/XML Policy format to this JSON format, and vice versa:\n\n- [xacml-policy-xml-to-json.xsl](src/test/resources/xacml-policy-xml-to-json.xsl): XSLT stylesheet for converting XACML Policy(Set) from XML (standard) to JSON (custom AuthzForce format);\n- [xacml-policy-json-to-xml.xsl](src/test/resources/xacml-policy-json-to-xml.xsl): XSLT stylesheet for converting XACML Policy(Set) from JSON (custom AuthzForce format) to XML (standard);\n- [xacml-common-xml-to-json.xsl](src/test/resources/xacml-common-xml-to-json.xsl): XSLT stylesheet shared therefore required by previous stylesheets.\n\nIn order to use these, first download all of them to the same folder (or just do a `git clone` of the project), then pass the `xacml-policy-xml-to-json.xsl` (resp. `xacml-policy-json-o-xml.xsl`) file as stylesheet parameter to the XSLT processor for XML-to-JSON (resp. JSON-to-XML) conversion. \n\n**WARNING: the XSLT processor must support XSLT 3.0 or later**, e.g. [Saxon](https://www.saxonica.com/products/products.xml) 9.8+.\n\nFor the JSON-to-XML conversion, you have to specify the input JSON file as `inJsonFile` stylesheet parameter, and force the XSLT processor to use the default initial template (`xsl:initial-template`). You should not have to specify a source XML file. If you have to, use a [dummy one](src/test/resources/dummy.xml).\n\nHere is a command-line example to convert a XACML Policy from XML to JSON with Saxon for Java (you may find the SAXON jar on [SAXONICA's website](https://www.saxonica.com/download/java.xml) or in your local Maven repository if you built this project from source already, e.g. `~/.m2/repository/net/sf/saxon/Saxon-HE/9.8.0-15/Saxon-HE-9.8.0-15.jar`):\n\n```\n$ java -jar Saxon-HE-9.8.0-15.jar -xsl:/path/to/xacml-policy-xml-to-json.xsl -s:/path/to/Policy.xml -o:/path/to/Policy.json\n```\n*Remove the `-o` option if you don't want the output to a file but directly to the console.*\n\n... and an example to convert back the Policy from JSON to XML (e.g. `Policy.json -\u003e Policy.xml`):\n\n```\n$ java -jar Saxon-HE-9.8.0-15.jar -xsl:/path/to/xacml-policy-json-to-xml.xsl -it -o:/path/to/Policy.xml inJsonFile=/path/to/Policy.json\n```\n*Remove the `-o` option if you don't want the output to a file but directly to the console.*\n\n# Disabling JSON Profile compliance\nWhen using any of the aforementioned XML-to-JSON stylesheets, you may disable compliance with the JSON Profile of XACML by specifying the stylesheet parameter (same way as `inJsonProfile`): `useJsonProfile=no`.\nAs a result, the JSON output will be modified as follows: \n1. The property name for the array of attribute values will be `Values` instead of `Value` (makes more sense, doesn't it?);\n1. Property names will be in lower camel case instead of upper camel case, which is a more common practice among JSON API specifications;\n1. A few property names will be shortened.\n\n# XSD-to-JSON-schema generation\n[JSON schemas](src/main/resources/org/ow2/authzforce/xacml/json/model) were bootstrapped with XML-schema-to-JSON generation tool `xsd2json2`. Then significant refactoring and adaptation to draft 6 of JSON schema has been done.\n\n## Notes on using `xsd2json2`\nWARNING: xsd2json2 supports only draft 4 but it is close to draft 6.\nBefore using xsd2json, first install SWI-Prolog package that is required to avoid issue: https://github.com/fnogatz/xsd2json/issues/22\n\n```\n$ sudo apt install swi-prolog\n$ npm install -g xsd2json2\n$ xsd2json2 -v ~/git/authzforce-ce-parent.git/xacml-model/src/main/resources/xacml-core-v3-schema-wd-17.xsd \u003e xacml-core-v3-schema-wd-17.jsonschema\n```\n\n## OTHER XSD-to-JSON GENERATION TOOLS TESTED THEN DISCARDED\n### jsonschema.net\nFor info, you can generate first draft of JSON schema from request.json on https://jsonschema.net/#/editor but it only supports draf 04 and this is not really useful because you would need to spend time to make a Request covering all possibilities to build a good schema. (Is that even possible?)\n\n### JSONix schema compiler\nSee https://github.com/highsource/jsonix-schema-compiler/wiki/JSON-Schema-Generation\nNot a good idea actually, because this changes many things compared to original XML and tries to keep distinction between XML attributes and elements and refers to JSONix custom non-standard types for each XML type, which is not what we want, \n```\n$ sudo npm install -g jsonix-schema-compiler\n$ java -jar /usr/local/lib/node_modules/jsonix-schema-compiler/lib/jsonix-schema-compiler-full.jar -generateJsonSchema ~/git/authzforce-ce-parent.git/xacml-model/src/main/resources/xacml-core-v3-schema-wd-17.xsd\n```\n\nThis generates .js and oasis_names_....jsonschema files.\n\n# TODO\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzforce%2Fxacml-json-model","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauthzforce%2Fxacml-json-model","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthzforce%2Fxacml-json-model/lists"}