[Twisted-web] Role-based security authorization

Jacek Furmankiewicz jacek99 at gmail.com
Tue Sep 6 10:46:30 EDT 2011

While reading up the docs on Twisted security and HTTP auth, it seems they
are all geared towards pure authentication,
but don't address the authorization part.

For example, in our other apps we often have a security setup like this

a) users with READ_ONLY_ROLE can only access GET endpoints
b) users with READ_WRITE_ROLE can access GET, POST, PUT, DELETE endpoints

Is there any existing Twisted-based projects that provides a role-based
authorization framework on top of the core Twisted authentication APIs?
It would need a custom Avator with roles attached to it (fetched from DB or

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-web/attachments/20110906/99ba84f0/attachment.htm 

More information about the Twisted-web mailing list