OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-comment] XACML standard

Hi Sagar,

I have worked with XACML and WSO2 servers for quite a time now. Hope my comments below will help you.

On Dec 21, 2017 10:28 PM, "Sagar Limaye" <sagarl3232@hotmail.com> wrote:

I understand the motivation, but almost all implementations of it have terrible documentation, some are not even free and the free ones don’t even work as described in the documentation. AuthzForce documentation is horrible, for example. I tried to install and use it, but my Eclipse IDE just doesn’t recognize its classes and functions. Ws02 server doesn’t give the correct responses to the requests against the policies I used, and it’s not free. The other implementations like Balana or SunXACML are either abandoned, or only support 2.0.

Sorry to hear about your difficulty. But above is not true. Balana is the XACML engine used in WSO2 Identity Server and it supports both XACML 2.0 and 3.0. Regarding the problem that expected result not been returned against policy, I have seen this problem occurring due to a config issue of trying the requests against PDP while not publishing policies to PDP.
Also it's totally free. You can download the product from website as well as browse through the code in GitHub. 

I can send you the links if needed. I think you can always reach out to developer community of each vendor to get any help, if the documents doesn't help.

Hope you will get through this initial friction and start to like it sometime later for the power of XACML.

All this makes me wonder why this standard exists. I don’t want to waste my time learning it anymore.



From: rich levinson
Sent: Tuesday, December 19, 2017 7:09 PM
To: Sagar Limaye; xacml-comment@lists.oasis-open.org
Subject: Re: [xacml-comment] XACML standard


Hi Sagar,

I feel bad that you had difficulty w the std.

It is true that as a stand-alone document, it is pretty difficult
for a beginner to get a good understanding of the motivation
behind the standard, which is to standardize repreesentation
of security policy for authorization and/or authentication.

I would suggest using google to search for:
    xacml tutorial

Some of these tutorials may provide the necessary context
for being able to more effectively use the spec.

  Rich Levinson

On 12/19/2017 1:14 PM, Sagar Limaye wrote:


This is the worst standard I have ever seen. There is literally no documentation available to get beginners to use it. The implementations listed on the website are all half-assed, and some are non existent. I can't believe how much time I wasted this semester trying to research into XACML, it ruined the grade for one of my classes. I hope I never have to use this useless standard ever again.

Thanks for nothing,




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]