Myth Busting, XACML Style

MythBusters is a popular TV series that attempts to prove or disprove popular beliefs, rumors, or “myths.” Their topics have ranged from whether cell phones interfere with a plane’s instruments (they don’t) to whether a fingerprint reader could be spoofed (it was). In the realm of XACML, there are also what we would consider myths, or at least misconceptions.

Over the next several weeks, I will address the following candidate myths and share some of Axiomatics’ perspectives. If you have others that should be added to the list, please let me know.

  • XACML will cause performance problems for my application
  • The XACML policy language does not cover my complex application scenarios
  • XACML authorization systems are not “stateful”
  • Administrators do not understand XACML
  • Another standard? Can’t we do this with SAML (addressed this one previously)
  • XACML is an immature standard
  • XACML does not define the communication protocol between PDP and PEP
  • XACML is only good for SOA deployments

Thanks to David, Erik, and Ludwig for their input


One Comment on “Myth Busting, XACML Style”


  1. I’m looking forward to this. I’d love to add another bullet to the list, if I may. If you could address the perception that application developers will never be able to change their habits to abstract all the places where the decisions need to be made inside applications well enough to take full advantage of XACML, that would be cool.

    GG: OK Jonathan, it’s on the list!
