by prabaths 3176 days ago
I agree XACML has a lot of complexities. But if you look at the recent developments, you can now have both the XACML request and response JSON-based - and the communication between the PEP and PDP in a RESTful manner. Also - there is a standard coming up to have a JSON representation of XACML policies. BTW, this blog only presents an architectural model - it can be any policy language. Recently I found Netflix uses the same model for policy distribution but, instead of XACML, uses PADME. For me, more than the language, the issue XACML has is maintainability, auditability and governance. There are tools around to support that. Even PADME does not solve these problems.

I've done a fair bit of reading around policy-based authorization but have never heard of PADME. For the life of me I can't find anything about it in any Google searches. Can you point me at a reference for any information about it?
This was discussed at a Netflix meetup. The official site is www.padme.io. Also, you can find the video recording of that meetup at https://www.youtube.com/watch?v=dim85J5cLq4 - OPA and PADME are discussed from 33:49. Also check http://www.openpolicyagent.org/.