Of course Jackson’s post on SAML vs. XACML for authorization caught my eye and I wanted to add some thoughts… First, I don’t think it’s a Betamax vs. VHS zero sum game. Exchanging attributes (claims) via SAML tokens is a reasonable place to start for relatively simple application authorization. I will resist the urge to [...]
