The world’s fastest XACML engine

In the last few months, I have been reading statements from a wide variety of vendors / open-source XACML implementations that they have the world’s fastest 100% XACML standards-based engine. This reminds me of heated debates that involved national pride and engineering feats when the French and Japanese were head-to-head in designing the world’s fastest trains. And the Chinese have since then caught up. The Wikipedia article is a trove of trivia when it comes to speed and how records were achieved (or what they actually mean). In the table summary, I can spot quite a few ‘current world record’ labels… If by the time you finish reading the article, your head is not spinning one way or the other, […]

XACML 3.0 wins award at the European Identity Conference 2011 #EIC11

Today was a great day at EIC 2011 where Axiomatics is currently demoing its fine-grained authorization capabilities based on the latest version of the XACML standard, XACML 3.0. It ended with the usual ceremony awards where Tim Cole et al. handed out awards to various projects in the identity space (cloud security, IAM, entitlements management). A special award was handed to the XACML Technical Committee for its outstanding work on the latest version of XACML, XACML 3.0. Hal Lockart of Oracle and co-chair of the TC stepped up to accept the award and thanked the entire TC for a great group effort. He also thanked the editor of the XACML 3.0 specification, Erik Rissanen, CTO Axiomatics, for leading the effort […]

XACML 102 – Pimp my XACML – Part III: XSLT, Ajax, and stats

In a previous installment of ‘Pimp My XACML’, we illustrated how a bit of XSLT magic could actually change the structure of a XACML policy to convert into another document such as an HTML page be it XML-compliant or not. Today, we will push the tricks further and add a bit of AJAX magic as well as some basic statistics regarding our policy. For those of you who missed on the previous episode, check it out here. It describes how to run the samples using ant and xalan. Adding some stats to the XSLT This is the easy bit. All we need to do is count the number of items that match a certain pattern and display that neatly in […]

XACML 102 – Pimp my XACML – Part II: with XSLT

In my previous post on making XACML look pretty, we had a look at a very simple and easy way to add some colors / borders / general style to the XML via CSS. The CSS was interpreted by your browser and the result displayed there. CSS is simple and straightforward but it is also limited (not to mention it is probably not the most adequate tool for our purpose). The next level up is to use XSLT (part of the W3C XSL group of standards). At our level, in a very reductive and simple way, the key difference between CSS and XSLT is that CSS doesn’t touch the XML source. It merely adds style. XSLT, on the other hand, […]

XACML 102 – Pimp my XACML – Part I: with CSS

Have you recently looked at the XACML 2.0 schema? Or perhaps the newborn, XACML 3.0? Well as far as babies go, it ain’t the cutest. Sure, it’s not XACML’s fault. It’s just that XML and in particular schemas have never really been that friendly to read. But don’t worry, we can help. When it comes to cosmetic surgery, there are quite a few ways to enhance XML representation. There are two ways – grossly speaking – to make XML more user-friendly: use a bit of CSS magic to add a bit of colors to XACML use XSLT to transform XACML into any other language or format (you can even use XSL-FO to transform XACML into a PDF for instance) These […]