python appengine authorisation or authorization

Having settled on OpenID for authentication, I've been looking at authorisation frameworks for app-engine with the following requirements:

• be able to create and edit groups of users
• has built in permissions such as add, edit, delete
• has sensible defaults, e.g creator of an object can edit / delete but others can't

knowing enough to know that security permissions are a bad idea to self implement without a massive brain, i've been reading through django http://docs.djangoproject.com/en/dev/topics/a开发者_如何学Cuth/ and tipfy http://www.tipfy.org/wiki/extensions/acl/ to choose one that has already been cooking in the oven for a while.

It's not obvious which will be easier / more extensible so I was hoping to be able to call on experience, recommendations or other suggestions to make a sensible decision?

Based on that there are a lot of problems with django ORM and Google app engine datastore, and http://www.tipfy.org/ says that it is made specifically for Google App Engine I must suggest typfy.

2 pretty good frameworks I tried that have authorisation are GAEFramework and web2py. They are both easier to get started with than tipfy. I hope you like these.