diff --git a/tacker/api/v1/base.py b/tacker/api/v1/base.py
index 797618c70..9aef532fa 100644
--- a/tacker/api/v1/base.py
+++ b/tacker/api/v1/base.py
@@ -488,6 +488,7 @@ class Controller(object):
 if is_create and 'tenant_id' not in res_dict:
 if context.tenant_id:
 res_dict['tenant_id'] = context.tenant_id
+ res_dict['project_id'] = context.tenant_id
 else:
 msg = _("Running without keystone AuthN requires "
 "that tenant_id is specified")
@@ -591,7 +592,13 @@ class Controller(object):
 @staticmethod
 def _verify_attributes(res_dict, attr_info):
- extra_keys = set(res_dict.keys()) - set(attr_info.keys())
+ # TODO(h-asahina): The `project_id` is not included in attr_info, but
+ # it is used as an alternative of `tenant_id` which is already
+ # deprecated in oslo.context. Excluding `project_id` from the
+ # verification is a workaround to avoid directly modifying attr_info
+ # which has a strong influence on the existing code.
+ excluded = {'project_id'}
+ extra_keys = set(res_dict.keys()) - set(attr_info.keys()) - excluded
 if extra_keys:
 msg = _("Unrecognized attribute(s) '%s'") % ', '.join(extra_keys)
 raise webob.exc.HTTPBadRequest(msg)
diff --git a/tacker/context.py b/tacker/context.py
index 2dcde9e11..b5746ac7e 100644
--- a/tacker/context.py
+++ b/tacker/context.py
@@ -103,7 +103,6 @@ class ContextBase(oslo_context.RequestContext):
 def to_policy_values(self):
 values = super(ContextBase, self).to_policy_values()
- values['tenant_id'] = self.project_id
 values['is_admin'] = self.is_admin
 # NOTE(jamielennox): These are almost certainly unused and non-standard
@@ -150,7 +149,7 @@ class ContextBase(oslo_context.RequestContext):
 authorized and False if not authorized and fatal is False.
 """
 if target is None:
- target = {'tenant_id': self.tenant_id,
+ target = {'project_id': self.tenant_id,
 'user_id': self.user_id}
 try:
 return policy.authorize(self, action, target)
diff --git a/tacker/policies/base.py b/tacker/policies/base.py
index e7812a016..bd2caebf5 100644
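Review bot: `res_dict['project_id']` is filled in only on the branch where `tenant_id` was missing from the body and taken from the context, so a create request that names its own `tenant_id` leaves `project_id` unset, or at whatever value the body carried now that `_verify_attributes` tolerates the key. With `admin_or_owner` switched to `project_id:%(project_id)s` in this commit, the two fields should not be able to disagree. Mirroring once after the outer `if`, `if 'tenant_id' in res_dict: res_dict['project_id'] = res_dict['tenant_id']`, covers both paths and overwrites any caller-supplied value. The enclosing method starts and ends outside the hunk, so where the policy target is built from `res_dict` still needs confirming.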
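Review bot: The `excluded = {'project_id'}` set in `_verify_attributes` lets a caller-supplied `project_id` through on every request that reaches this check, not only on the create path where the first hunk of this file writes the value itself. Because `attr_info` has no entry for the key, whatever per-attribute validation is driven by `attr_info` presumably never sees it. Accepting the key only when it agrees with `tenant_id` would keep the workaround narrow, for example `if res_dict.get('project_id', res_dict.get('tenant_id')) != res_dict.get('tenant_id'):` followed by the same `raise webob.exc.HTTPBadRequest(msg)` used below. How `res_dict` is consumed after verification is outside the hunk.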
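Review bot: When `target` is None the default target is built from the caller's own context, so an owner rule of the form `project_id:%(project_id)s` compares the caller with itself and presumably always passes. That was already true with `tenant_id`, but the rename is a good moment to document it with a comment above the assignment, such as `# Default target is the caller's own identity: owner rules pass trivially, so pass the resource as target for per-object checks`. The new key is also still filled from the deprecated alias; `target = {'project_id': self.project_id,` would match the attribute used by the `to_policy_values` line this commit removes. The method's signature and the start of its docstring are outside the hunk.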
--- a/tacker/policies/base.py
+++ b/tacker/policies/base.py
@@ -28,7 +28,7 @@ rules = [
 "Decides what is required for the 'is_admin:True' check to succeed."),
 policy.RuleDefault(
 "admin_or_owner",
- "is_admin:True or tenant_id:%(tenant_id)s",
+ "is_admin:True or project_id:%(project_id)s",
 "Default rule for most non-Admin APIs."),
 policy.RuleDefault(
 "admin_only",
diff --git a/tacker/tests/etc/policy.yaml b/tacker/tests/etc/policy.yaml
index 87439085e..4a008271e 100644
--- a/tacker/tests/etc/policy.yaml
+++ b/tacker/tests/etc/policy.yaml
@@ -1,4 +1,4 @@
-"admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s"
+"admin_or_owner": "rule:context_is_admin or project_id:%(project_id)s"
 "admin_only": "rule:context_is_admin"
 "regular_user": ""
 "shared": "field:vims:shared=True"
diff --git a/tacker/tests/unit/test_auth.py b/tacker/tests/unit/test_auth.py
index ffda641b6..2ad9edc97 100644
--- a/tacker/tests/unit/test_auth.py
+++ b/tacker/tests/unit/test_auth.py
@@ -72,7 +72,6 @@ class TackerKeystoneContextTestCase(test_base.BaseTestCase):
 response = self.request.get_response(self.middleware)
 self.assertEqual('200 OK', response.status)
 self.assertEqual('testuserid', self.context.user_id)
- self.assertEqual('testuserid', self.context.user)
 def test_with_tenant_id(self):
 self.request.headers['X_PROJECT_ID'] = 'testtenantid'
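Review bot: The `admin_or_owner` default changes its check string in place, with no migration path for deployments that override the rule. An operator policy file that still carries `tenant_id:%(tenant_id)s` will be evaluated against credentials that no longer export `tenant_id`, since the key is dropped from `to_policy_values` in tacker/context.py in this same commit. That presumably makes the owner half of the rule fail for every non-admin caller. A release note naming the old and new check strings, or keeping `values['tenant_id'] = self.project_id` in the credentials for one more cycle, would let operators migrate deliberately. The `rules` list starts and ends outside the hunk.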