On May 7, Andras Cser of Forrester Research, Inc. posted a thought-provoking blog entry entitled “XACML is Dead” which postulated that there wasn’t any future for XACML.
At CA Technologies we have long supported a broad range of industry standards such as LDAP, X.509, WS-Federation, SAML, WS-Security, REST, SPML as well as more recent standards like OpenID, OpenID Connect and OAuth, thereby successfully shielding our customers from having to develop support for complex security protocols such as these. This has the benefit of helping our customers to quickly incorporate them into their application infrastructure as needed and at a lower overall cost.
From our perspective, XACML 3.0 was recently ratified and we endorse the additional activity currently underway to support REST and JSON encoding of the request/response formats which will help to keep it relevant. Standards are important when they can deliver interoperability while solving customer problems and do so within the constraint of an overtaxed IT budget and resources.
We will continue to support the standards that customers deem important and incorporate them into CA SiteMinder® as we maintain our investment in the industry-leading solution for single sign-on and access management.