[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: complexity going forward
I've been spending the last several weeks working with XACML from the point of view of a policy writer and a systems programmer (as opposed to my previous point of view as implementor), and I thought I'd share two observations. 1. XACML is very cool. There are a lot of powerful features in this language that really work. I was able to build a lot of complex policies without extending too many pieces...just custom code to find policies and attributes, which is needed in almost any system. So far everyone who's seen the demo has been way impressed by what XACML can do. 2. Working with XACML is really hard. The tradeoff to building flexible, expressive, generic languages is that they can be hard to work with, and XACML is definately that. It becomes even more of a challenge when you start to build up real systems around XACML and you have to figure out how all the pieces fit together and how one change can affect many different policies and queries. I bring this up because I'm seeing a lot of new work items in the TC, and some of them look like they'll make things even more complex. Don't get me wrong, I'm all for the standard pushing forward and the right features getting added to the system, but there isn't a lot to help people along, and so I wonder whether users need a little bit of support before the standard should push in too many more confusing features. I'm particularly curious about demand for some of the features being discussed. I'm seeing a lot of use cases, but none of them seem to be backed up by real-world scenarios or comments from people actually using XACML in anything. So far my experience is that the language has almost everything that I need, and that seems to be the common opinion that I've heard from others too. Again, I wouldn't want to slow down the progress being made here, and I'm not trying to question any particular feature, but I'm wondering how many new features are coming from "it would be cool if we could do this" versus features that are coming from real demand. Given how complex XACML 1.0 already is, I would hope that most features that get added quickly fall into the second catgory. Anyway, I just wanted to bring these issues up since I haven't really seen them discussed much on the list. Apologies if I've made anyone upset...I really just want to understand where a number of these features are coming from. thanks seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]