Not exactly what you want, but you may consider Google ACL XML[1]. If there aren't any system integration restrictions you can do what you think is best... for now.

[1] https://developers.google.com/storage/docs/accesscontrol#applyacls

----------------------------------------
> Date: Fri, 24 May 2013 01:18:06 -0700
> Subject: Using ACLs in JSON
> From: peter.h.m.bro...@gmail.com
> To: python-list@python.org
>
> I'm designing a system that should allow different views to different
> audiences. I understand that I can use application logic to control
> the access security, but it seems to me that it'd make more sense to
> have this documented in the data-stream so that it's data-driven.
>
> I was wondering if there was any standard way of doing this in JSON.
> Alternatively, is there a better way of organising this in Python
> that's compatible with JSON?
>
> I've put an example of the sort of thing that I mean below. The idea
> is that this object is accessible for viewing or deleting by the role
> 'HR' and available for change only to the owner of the record itself.
> In addition, the record can be viewed by those with the role
> 'manager'. The syntax may be wrong, but I hope that my intention is
> reasonably clear.
>
> Is there an existing practice or standard for doing this sort of
> thing?
>
> {
>     "title" : "Example Schema",
>     "type" : "object",
>     "version" : "1.0",
>     "properties": {
>         "firstname" : {
>             "type": "string"
>         },
>         "lastname" : {
>             "type": "string"
>         },
>         "age" : {
>             "description" : "Age in years",
>             "type": "integer",
>             "minimum": 0
>         }
>     },
>     "ACL-view": ["HR","Manager",["firstname","lastname"]],
>     "ACL-change": ["firstname","Lastname"],
>     "ACL-delete": ["HR"],
>     "required": ["firstname","lastname"]
> }
> --
> http://mail.python.org/mailman/listinfo/python-list
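
An added example, not part of the original thread: one way to keep the ACL in the JSON document while still enforcing it in server-side Python, denying by default and rejecting ACL entries that name fields the schema does not declare (for instance a miscased field name). The "acl" layout (action -> role -> fields), the "owner" pseudo-role and all function names are assumptions made for this sketch, not a standard and not the poster's syntax.

```python
import json

# Constructed document. The "acl" layout is an assumption for this example.
DOC = json.loads("""
{
  "properties": {"firstname": {"type": "string"},
                 "lastname": {"type": "string"},
                 "age": {"type": "integer", "minimum": 0}},
  "acl": {
    "view":   {"HR": "*", "manager": ["firstname", "lastname"], "owner": "*"},
    "change": {"owner": ["firstname", "lastname"]},
    "delete": {"HR": "*"}
  }
}
""")
ACTIONS = {"view", "change", "delete"}

def validate_acl(doc):
    """Reject ACLs that name unknown actions or undeclared fields."""
    declared = set(doc["properties"])
    for action, rules in doc["acl"].items():
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action!r}")
        for role, fields in rules.items():
            unknown = set() if fields == "*" else set(fields) - declared
            if unknown:
                raise ValueError(f"{action}/{role}: undeclared {sorted(unknown)}")

def allowed_fields(doc, action, roles):
    """Union of fields the given roles may touch; empty set means denied."""
    declared = set(doc["properties"])
    granted = set()
    for role in roles:
        # Missing action or role grants nothing (deny by default).
        fields = doc["acl"].get(action, {}).get(role, [])
        granted |= declared if fields == "*" else set(fields) & declared
    return granted

def view(doc, record, roles, is_owner=False):
    """Return only the fields of record that the caller may view."""
    # "owner" is derived by the server from the session, never accepted
    # from the caller-supplied role list.
    effective = (set(roles) - {"owner"}) | ({"owner"} if is_owner else set())
    visible = allowed_fields(doc, "view", effective)
    return {k: v for k, v in record.items() if k in visible}

validate_acl(DOC)  # fail at load time, before any request is served
```

The roles and the is_owner flag are expected to come from the authenticated session; the ACL in the data stream only describes the policy and does not enforce anything on its own.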