[Twisted-Python] Authentication & Access Control system for web services

Jason J. W. Williams jasonjwwilliams at gmail.com
Mon Mar 7 12:13:05 EST 2011


Hi Allen,

There's Twisted Cred you could build something on. I've also got a framework my company built internally on top of Twisted Web that I've been planning to open source once we make the unit tests more robust. Would be happy to share it with you. You decorate the render_ method with the permissions the caller must possess. 

-J

Sent via iPhone

Is your e-mail Premiere?

On Mar 7, 2011, at 8:19, Allen Bierbaum <abierbaum at gmail.com> wrote:

> I have a REST service I have implemented using twisted.web.  Based
> upon a new requirement I need to put role-based access control
> security on the service and am trying to find the most twisted way to
> do it.
> 
> I would like to have:
> - Username / password login that is checked against a backend database
> - Roles and associated privileges associated with each user
> - Administration interface to edit users, roles, and privileges
> - "Simple" way to configure the access control requirements on the
> services. (ex: which services need which roles)
> 
> Before I role my own code I wanted to check and see if there are any
> addons for this or if anyone else had attacked this problem with
> twisted and had some open source code I could look at.
> 
> I have found a couple of projects for WSGI that I may try to pull
> ideas from, but I haven't yet found anything that uses the twisted
> resource model.  (http://authkit.org/,
> http://docs.repoze.org/who/2.0/)
> 
> Any pointers to twisted projects I could leverage?
> 
> -Allen
> 
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python



More information about the Twisted-Python mailing list