Myth Busting, XACML Style
MythBusters is a popular TV series that attempts to prove or disprove popular beliefs, rumors, or “myths.” Their topics have ranged from whether cell phones interfere with a plane’s instruments (they don’t) to whether a fingerprint reader could be spoofed (it was). In the realm of XACML, there are also what we would consider myths, or at least misconceptions.
Over the next several weeks, I will address the following candidate myths and share some of Axiomatics’ perspectives. If you have others that should be added to the list, please let me know.
- XACML will cause performance problems for my application
- The XACML policy language does not cover my complex application scenarios
- XACML authorization systems are not “stateful”
- Administrators do not understand XACML
- Another standard? Can’t we do this with SAML (addressed this one previously)
- XACML is an immature standard
- XACML does not define the communication protocol between PDP and PEP
- XACML is only good for SOA deployments
Thanks to David, Erik, and Ludwig for their input.