Last week, I found myself having to write a lot of XACML policies and XACML requests at work, for a new project I am working on. I quickly found out that writing XACML by hand is dull, boring, and error-prone. This is hardly surprising, given that XACML policies and requests are XML documents.
I had a very quick look around, and while I found some XACML policy editors, such as the one included in WSO2 Identity Server, I couldn’t find anything that would make my life easier when writing XACML requests. Well, I could always use an existing PEP implementation and somehow capture the generated requests, but it’s a bit overkill for what I need to do.
So I decided to create my own DSL. I started Xtext, and quickly put together a simple language for XACML requests that will compile into (hopefully) correct XML. Nothing fancy for now – it really only does what I need it to do, does not support the complete XACML specification, and makes strong assumptions – at the moment, all attributes are Strings, for example.
Still, it is quite useful, at least to me, so I created a repository on Github to host it. I released it under GPLv3, and all contributions as well as suggestions are more than welcome. There is also a website for XACDL hosted on Github, that may or may not eventually contain more information about the language (website contributions are welcome too).
Before the first release (0.1, I guess) I’d like to add support for attribute types, and have an initial support for writing policies as well as requests. I’ll post updates on this blog as I keep improving the language.