[Openstack] Keystone JSON format access control policy
Xiangjun Qian
xiangjunqian at gmail.com
Mon Apr 29 15:13:30 UTC 2013
Hey Tks man~
On Mon, Apr 29, 2013 at 3:00 PM, Dolph Mathews <dolph.mathews at gmail.com>wrote:
> The JSON approach is rather arbitrary; keystone has an API to manage &
> publish policy blobs of any format (/v3/policies), and the policy engines
> themselves are completely pluggable. I don't think there's anything
> preventing a deployment from implementing an XACML based policy solution
> (if there is a blocker to using XACML, it's certainly a bug).
>
>
> -Dolph
>
>
> On Mon, Apr 29, 2013 at 4:50 AM, Xiangjun Qian <xiangjunqian at gmail.com>wrote:
>
>> Hi everyone,
>>
>> I'm currently looking at access control mechanisms of OpenStack and
>> finding that the access control policy is specified using JSON format.
>>
>> I'm wondering why we do not adopt an XML based approach like XACML, is it
>> because of the performance problem, or we just choose JSON as it's simple?
>>
>> Thank you very much for your feedback.
>>
>> Best Regards,
>>
>> --
>> Xiangjun
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
--
Xiangjun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130429/a1c19036/attachment.html>
More information about the Openstack
mailing list