Yes - we believe this is of considerable interest - have you had any other responses?
Using Drools (aka JBoss Rules) for doing xacml evaluation may be a possibility. But why do it when you have full fledged Sun OSS implementation available free of charge.
Anything further to report with your investigations there? Drools provides very fast runtime queries of its working memory - ideal for acl query authorisation.
As far as using SunXACML goes. Well there is just one guy working on it and it doesn't seem very active, I've no idea how performant it is and it requires that the rules be expressed in XACML, which is hardly the tersest language around.
Drools seems a lot more active and I could possibly write a terser vocabulary to express the same policies.
Anyhow, I am currently using SunXACML but am still interested in exploring DROOLs for this purpose. As with anything, its all just a question of time, or rather lack of it.