[Openstack] Keystone JSON format access control policy

2013-04-29 Thread Xiangjun Qian
Hi everyone,

I'm currently looking at access control mechanisms of OpenStack and finding
that the access control policy is specified using JSON format.

I'm wondering why we do not adopt an XML-based approach like XACML; is it
because of the performance problem, or did we just choose JSON as it's simple?

Thank you very much for your feedback.

Best Regards,

-- 
Xiangjun
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp


Re: [Openstack] Keystone JSON format access control policy

2013-04-29 Thread Dolph Mathews
The JSON approach is rather arbitrary; keystone has an API to manage and
publish policy blobs of any format (/v3/policies), and the policy engines
themselves are completely pluggable. I don't think there's anything
preventing a deployment from implementing an XACML based policy solution
(if there is a blocker to using XACML, it's certainly a bug).


-Dolph




Re: [Openstack] Keystone JSON format access control policy

2013-04-29 Thread Xiangjun Qian
Hey Tks man~


-- 
Xiangjun