← Back to team overview

openstack team mailing list archive

Re: Keystone JSON format access control policy

 

The JSON approach is rather arbitrary; keystone has an API to manage &
publish policy blobs of any format (/v3/policies), and the policy engines
themselves are completely pluggable. I don't think there's anything
preventing a deployment from implementing an XACML based policy solution
(if there is a blocker to using XACML, it's certainly a bug).


-Dolph


On Mon, Apr 29, 2013 at 4:50 AM, Xiangjun Qian <xiangjunqian@xxxxxxxxx>wrote:

> Hi everyone,
>
> I'm currently looking at access control mechanisms of OpenStack and
> finding that the access control policy is specified using JSON format.
>
> I'm wondering why we do not adopt an XML based approach like XACML, is it
> because of the performance problem, or we just choose JSON as it's simple?
>
> Thank you very much for your feedback.
>
> Best Regards,
>
> --
> Xiangjun
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

References