All geek questions in one place

XACML API Design

The XACML specification currently defines a protocol for request / response, but leaves it an interpretation of how it can be integrated into an enterprise application. I believe that the XACML value will not be realized unless a new open source project is created that tries to develop / standardize around a set of common APIs.

For those who are familiar with XACML, I would like to understand their first reactions to the creation of such a project, will they be ready to contribute and what, in their opinion, will the XACML API look like?

+3
source share
5 answers

I may not understand the question, but does the SAML profile for XACML not do what you want? It defines SOAP formats for authzDecisionQuery entries and responses, which should be all you need for WSDL.

I built one of them around the Sun interpreter for DOD / DISA (its on forge.mil) and a much faster version (not yet redone) around a fully compiled implementation that directly converts XACML to Java code. The main goal is readability, not speed, but it is about ten times faster.

IMO XACML works, but is absolutely terrible, like a language for people to look at. I'm more interested in finding a situation-specific language to express XACML semantics so people can understand them. Java is superior to XACML for these hands, but Java is pretty awkward as a domain specific language. Perhaps Groovy?

PS: Attempto Controlled English (ACE). , , ACE ( ). , , NSA .

+3

Sun XACML API?

http://sunxacml.sourceforge.net/

( , . Hava sunxacml-devl.

+2

sunxacml . / - 2006 .

XACML - XACML- HERAS-AF.

+1

SAML- XACML WS-XACML - XACML PEP PDP. WSO2 Identity Server - .

...

+1

WS-XACML, , . SAML- XACML , , API.

Axiomatics SDK, .

, OpenAZ, Oracle Nextlabs. API PEP. , , .

:

James, I would seriously look at OpenAZ. There is a call every week on Thursdays in which you can take part.
+1
source

Source: https://habr.com/ru/post/1708161/

More articles:


All Articles