I'm interested on building such an API, like some building blocks that wold fit on AppEngine restrictions without performance problems. Anyone interested on starting up some building blocks? One nice thing about building an ACL, or more explicity, an Authentication/Authorization API is that we can also build other libraries that can be shared, and they all honor the same authorization scheme.
My first implementation was to build some interfaces for the API (Account, Permission) and then setup a simple ListProperty set of permissions and store the Account permissions on the same Entity (fast gets, no grouping of permissions, some interesting filtering schemes). Then, all modules that have some authorization requirement will contribute whith their own permissinos. An Account has a getKeyring() method that holds an Account specific permissions. In such cenario, if you are using Guice AOP, for example, you can try some nice interceptors to validate methods like this: @AuthorizationRequired(validPermissions=Blog.CAN_POST) public void postBlog(Blog entry) { ... } Not sure if I missunderstood your needs Brandon, but let me know if you want to start working on something like that. Best Regards, -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/WkltZm4tSjVscDRK. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.