openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #23091
Re: Keystone JSON format access control policy
The JSON approach is rather arbitrary; keystone has an API to manage &
publish policy blobs of any format (/v3/policies), and the policy engines
themselves are completely pluggable. I don't think there's anything
preventing a deployment from implementing an XACML based policy solution
(if there is a blocker to using XACML, it's certainly a bug).
-Dolph
On Mon, Apr 29, 2013 at 4:50 AM, Xiangjun Qian <xiangjunqian@xxxxxxxxx>wrote:
> Hi everyone,
>
> I'm currently looking at access control mechanisms of OpenStack and
> finding that the access control policy is specified using JSON format.
>
> I'm wondering why we do not adopt an XML based approach like XACML, is it
> because of the performance problem, or we just choose JSON as it's simple?
>
> Thank you very much for your feedback.
>
> Best Regards,
>
> --
> Xiangjun
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
>
Follow ups
References