I have a REST service I have implemented using twisted.web. Based upon a new requirement I need to put role-based access control security on the service and am trying to find the most twisted way to do it. I would like to have: - Username / password login that is checked against a backend database - Roles and associated privileges associated with each user - Administration interface to edit users, roles, and privileges - "Simple" way to configure the access control requirements on the services. (ex: which services need which roles) Before I role my own code I wanted to check and see if there are any addons for this or if anyone else had attacked this problem with twisted and had some open source code I could look at. I have found a couple of projects for WSGI that I may try to pull ideas from, but I haven't yet found anything that uses the twisted resource model. (http://authkit.org/, http://docs.repoze.org/who/2.0/) Any pointers to twisted projects I could leverage? -Allen