Myth Busting, XACML Style
MythBusters is a popular TV series that attempts to prove or disprove popular beliefs, rumors, or “myths.” Their topics have ranged from whether cell phones interfere with a plane’s instruments (they don’t) to whether a fingerprint reader could be spoofed (it was). In the realm of XACML, there are also what we would consider myths, or at least misconceptions.
Over the next several weeks, I will address the following candidate myths and share some of Axiomatics’ perspectives. If you have others that should be added to the list, please let me know.
- XACML will cause performance problems for my application
- The XACML policy language does not cover my complex application scenarios
- XACML authorization systems are not “stateful”
- Administrators do not understand XACML
- Another standard? Can’t we do this with SAML (addressed this one previously)
- XACML is an immature standard
- XACML does not define the communication protocol between PDP and PEP
- XACML is only good for SOA deployments
Thanks to David, Erik, and Ludwig for their input.
April 9, 2010 at 8:11 am
I’m looking forward to this. I’d love to add another bullet to the list, if I may. If you could address the perception that application developers will never be able to change their habits to abstract all the places where the decisions need to be made inside applications well enough to take full advantage of XACML, that would be cool.
GG: OK Jonathan, it’s on the list!