The JSON approach is rather arbitrary; keystone has an API to manage & publish policy blobs of any format (/v3/policies), and the policy engines themselves are completely pluggable. I don't think there's anything preventing a deployment from implementing an XACML based policy solution (if there is a blocker to using XACML, it's certainly a bug). -Dolph On Mon, Apr 29, 2013 at 4:50 AM, Xiangjun Qian <xiangjunqian at gmail.com>wrote: > Hi everyone, > > I'm currently looking at access control mechanisms of OpenStack and > finding that the access control policy is specified using JSON format. > > I'm wondering why we do not adopt an XML based approach like XACML, is it > because of the performance problem, or we just choose JSON as it's simple? > > Thank you very much for your feedback. > > Best Regards, > > -- > Xiangjun > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack at lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130429/44083866/attachment.html>