XACML? No Thanks

That there are no new problems seems widely understood (save for the child and naïf), but people rarely bother to understand the historical solutions to these problems; that is to say, we focus almost exclusively on the facts of the problem without ever bothering to look at the principles or rules that may already be understood. This kind of reflective thinking, along with analysis of principles derived from the experience of our predecessors, whether extant or having suffered debitum naturae, exacts a large cognitive cost. “Math is hard,” the philosopher Barbie once observed, as is all real analysis.

What we frequently do, because it exacts a low cognitive cost, is simply to allow things to move in the direction dictated by the promoter with the large megaphone, to prattle on mindlessly like a child, to ignore what has gone before, to ignore what theory there is and prefer the clustering of like-minded people even if this is nothing more than a coterie of idiot enthusiasts. It is easier to sit on the bandwagon collecting money with all the other simpletons than to go against the flow and think for yourself.

Nothing embodies this more than the widespread use of XML for things for which it is poorly suited, especially data management. In its early stages there were vigorous arguments against adopting it, but logic and reason are no match for fads backed by large corporations motivated by “innovation” and quarterly results.

In proposing to use XML as the common “language” of security policy, the authors of the specification write the following:

“XML is a natural choice as the basis for the common security-policy language, due to the ease with which its syntax and semantics can be extended to accommodate the unique requirements of this application, and the widespread support that it enjoys from all the main platform and tool vendors.”

This is specious reasoning, if it can be called reasoning at all. Can anyone show me a text-based format that can’t be extended to accommodate the requirements of an application? In the second half of that sentence they note that XML has widespread “support.” Socialism had widespread support among the intelligentsia, but it doesn’t work well either. To exchange data we only need to agree what to pass and what it means. All real meaning exists in the hemispheres of the brain. Since logic ignores context, the meaning is documented so we are not left to speculate. If that view, that concept, is missing, we are stuck with speculation. Anyone who has tried reading uncommented code or peered into a database without knowing the conceptual model knows this well. Nearly all the early claims of XML’s benefits (especially about meaning and tags) have been abandoned, and we are left with these two: everybody does it, and I can make it do anything.

A while back there was a question posted on a LinkedIn group titled “Is Role Based Access Control a dead end and Rule Based Access the future?” Inevitably, several said the answer to the problem is XACML. I don’t think so. What drives the problems with role design versus using rules are really fundamental philosophical questions of categorization and classification (distinctly different concepts) and how we manage complexity. To say the solution will be adopting yet another complex XML standard is laughable. It really shows that one does not understand the fundamental nature of the problem. Maybe XML is the way to go, but I doubt there was much reflective thinking before they started writing. My best guess is that XACML will be as widely adopted as SPML and most likely will spawn efforts like this for the same reasons.


One thought on “XACML? No Thanks”

  1. Hi,

    I think the attraction of XACML is the fact that it is a standard. It provides a common language/vocabulary/structure in which access management can be expressed.
    I agree that it’s quite complex, but in some situations complexity is unavoidable.
    There will surely be a need for very simple implementations.
    I wonder how UMA will evolve and what its impact will be.

