openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #23096
Re: Keystone JSON format access control policy
Hey Tks man~
On Mon, Apr 29, 2013 at 3:00 PM, Dolph Mathews <dolph.mathews@xxxxxxxxx>wrote:
> The JSON approach is rather arbitrary; keystone has an API to manage &
> publish policy blobs of any format (/v3/policies), and the policy engines
> themselves are completely pluggable. I don't think there's anything
> preventing a deployment from implementing an XACML based policy solution
> (if there is a blocker to using XACML, it's certainly a bug).
>
>
> -Dolph
>
>
> On Mon, Apr 29, 2013 at 4:50 AM, Xiangjun Qian <xiangjunqian@xxxxxxxxx>wrote:
>
>> Hi everyone,
>>
>> I'm currently looking at access control mechanisms of OpenStack and
>> finding that the access control policy is specified using JSON format.
>>
>> I'm wondering why we do not adopt an XML based approach like XACML, is it
>> because of the performance problem, or we just choose JSON as it's simple?
>>
>> Thank you very much for your feedback.
>>
>> Best Regards,
>>
>> --
>> Xiangjun
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>>
>
--
Xiangjun
References