Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sun Releases Open Source XACML Language

Posted by Hemos on from the building-the-tools dept.

LowneWulf writes "An InternetNews.com article mentions that the OASIS standards group today ratified the Extensible Access Control Markup Language 1.0 specification. But even better, Sun Microsystems Labs has backed this up with an open-source version in Java on Sourceforge."

2 of 157 comments (clear)

  1. Re:What idiots by JanusFury · · Score: 4, Interesting

    This seems to be a mostly server-side technology, and Java is generally accepted on the server, so I don't see it as a bad thing that it's in Java.

    However, if this technology requires the client to implement some complex authentication stuff, you've got a problem. Exclusively tying your reference implementation to 'weighty' technologies like .NET or Java is a very negative thing, because many clients will either not have the necessary runtimes, or will have very outdated versions of them. Both .NET and Java weigh in at at least 10mb, and that will definitely hurt deployment of any technology.

    --
    using namespace slashdot;
    troll::post();
  2. XML stone soup by alext · · Score: 4, Interesting

    Like so many other "XML-based" standards, XACML is horribly constrained by the lack of general logical or procedural primitives in XML. As we all know, XML is not a programming language - it was never intended to be computationally complete - yet there seem to be a neverending stream of attempts that effectively try to turn it into one.

    It is a fundamental mistake to try to shoehorn semantics which will generally include logic - such as an access control decision - into a language which has no support for them. While XACML "is not intended to form the basis of an authorization decision by itself" it must of necessity include the means to combine and modify rules - hence requiring logical operators which of course have no standard representation in XML.

    The specific result is that each attempt to use XML for anything other than the simplest semantics (SOAP, Schema, XSLT, JSP...) must invent its own representations of operators, variables, modules and so forth.

    The general result is one unholy mess. We, the poor bloody coding infantry, have to face learning a dozen or more ways of representing the same fundamental concept in a multitude of languages, each supposedly specialized for a narrowly-defined task, but in reality incorporating almost-but-not-quite-all the features of a general purpose language. XML's ugly syntax becomes the least of our problems - that can always be hidden by visual tools or 'generators', but no tool is likely to be able to reunite fundamental concepts fragmented into so many different representations.

    Standards such as these do not represent progress, they represent a growing mass of redundancy that one day will have to be refactored into more coherent form. Anyone who studied LISP, or some other language capable of representing the popular data and programming paradigms (logic, procedural, declarative...) will be aware that common ways of representing such semantics have been known for decades. The fact that the practice of XML continues to ignore such basic prior art is an extraordinary indictment of the state of our industry today.

    I welcome any explanation from the individuals or organizations concerned as to what obliged them to make yet another idiosyncratic elaboration of the generally incoherent and unusable body of XML specifications.