Feeds

Analysts brawl over 'death' of markup language

Help us out here – does XACML matter?

Choosing a cloud hosting partner with confidence

XACML doesn't exactly roll off the tongue or set hearts racing – El Reg has seen fit to mention it one whole time in our web history.

But the standard, which reached version 3.0 in January 2013 and is billed as an authentication-enabler “that describes both a policy language and an access control decision request/response language”, has nonetheless sparked an online brawl between analyst firms Forrester and Gartner.

Forrester threw the first punch, declaring the standard “dead” and likely to be superseded by the inferior-but-easier-to-use Oauth because the scenarios XACML was designed to serve have either not come to pass or have become irrelevant.

Gartner retorts that XACML is a fine example of an externalized authorization management technology, of which the world needs more. XACML is jolly useful, Gartner argues, declaring it dead is just silly and there's a list of outraged bloggers named Gerry, Anil, Danny, and Remon who agree that's the case.

Is XACML going away any time soon? Probably not. Does anyone really care about it? Forrester says there's no commercial support, Gartner says some vendors can “... translate XACML into SDDL for Windows Dynamic Access Control.” Forrester says that kind of work requires custom development, which nobody loves. Gartner says RESTful XACML bindings will make the standard relevant again.

Help us out here, readers. Do you use XACML? Is it important to you? Did you look at it and run away screaming, or screw up your face in scorn and use another technology? Do you know which analyst is right, or should we spread a plague on both their houses? Hit the “Comment” button to share your XACML wit and wisdom, before its moment in the spotlight fades forever. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.