I didn't file the bug but have a couple of comments.
XACML support could mean a lot of things, but some possible features could be things like:
- Support expressing Shiro policies in XACML
- Integrate Shiro with a XACML PDP - so that runtime decisions are made by the PDP (and maybe cached by Shiro?)
- Support more "XACML"ish features in the API. For example, XACML has Obligations
(allow this operation, but you must log the result, etc..).
Whether or not these are actually useful features, I can not say
I think most of the XACML use cases are outside the bounds of a single application (e.g. Enterprises wanting
to administer policy in a central location). Whether or not this makes sense for Shiro is an open question.
I can see Obligations as being an interesting feature for the API - but am not sure how you would make it sufficiently generic.