<div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Jan 6, 2014 at 2:56 PM, Georgy Okrokvertskhov <span dir="ltr"><<a href="mailto:gokrokvertskhov@mirantis.com" target="_blank">gokrokvertskhov@mirantis.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div><div>In Solum project we will need to implement security and ACL for Solum API. Currently we use Pecan framework for API. Pecan has its own security model based on SecureController class. At the same time OpenStack widely uses policy mechanism which uses json files to control access to specific API methods.</div>

<div><br></div><div>I wonder if someone has any experience with implementing security and ACL stuff with using Pecan framework. What is the right way to provide security for API?</div></div></blockquote><div><br></div><div>
<div class="gmail_default" style="font-size:small">In ceilometer we are using the keystone middleware and the policy framework to manage arguments that constrain the queries handled by the storage layer.</div><div class="gmail_default" style="font-size:small">
<br></div><div class="gmail_default" style="font-size:small"><a href="http://git.openstack.org/cgit/openstack/ceilometer/tree/ceilometer/api/acl.py">http://git.openstack.org/cgit/openstack/ceilometer/tree/ceilometer/api/acl.py</a></div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">and</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">
<a href="http://git.openstack.org/cgit/openstack/ceilometer/tree/ceilometer/api/controllers/v2.py#n337">http://git.openstack.org/cgit/openstack/ceilometer/tree/ceilometer/api/controllers/v2.py#n337</a></div><div class="gmail_default" style="font-size:small">
<br></div><div class="gmail_default" style="font-size:small">Doug</div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><div><br></div><div>Thanks</div><span class=""><font color="#888888"><div>
Georgy</div>
</font></span></div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>