Difference between revisions of "Keystone-Essex-BP-AuthZ"
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | {{OldDesignPage}} | |
− | [[Image: | + | |
+ | '''Goals:''' | ||
+ | |||
+ | * Support a capability model (Ex: Delete Files) by allowing services identify capabilities by endpoint | ||
+ | * Map capabilities to role, allowing a role to span multiple endpoints & services | ||
+ | * Allow restrictions on capabilities to certain resources (ex: John Doe may have access to Delete Files but only on myserver.server.com). | ||
+ | * Map users and groups to roles | ||
+ | |||
+ | [[Image:ProposedKeystoneAuthZStructure.png]] |
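Review bot: the third added goal ("Allow restrictions on capabilities to certain resources") does not say where the restriction attaches: to the capability-to-role mapping or to the user/group-to-role mapping. The John Doe example implies a per-user restriction, so state that explicitly. The goal should also say what an assignment with no restriction means (all resources, or none). In the first added goal, "allowing services identify capabilities" is missing "to", and in the second "Map capabilities to role" should read "roles" to match the last bullet.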
Latest revision as of 07:06, 22 September 2013
Goals:
- Support a capability model (e.g. Delete Files) by allowing services to identify capabilities by endpoint
- Map capabilities to roles, allowing a role to span multiple endpoints and services
- Allow capabilities to be restricted to certain resources (e.g. John Doe may have access to Delete Files, but only on myserver.server.com).
- Map users and groups to roles
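
The four goals can be read as a small data model with a deny-by-default check. The sketch below is an added illustration, not Keystone code or its API. The class names, endpoint URLs, the `operator` role, the `ops` group and the user `jane` are assumptions, as is the choice to attach the resource restriction to the user/group-to-role grant.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Capability:
    endpoint: str  # the service endpoint that defines the capability
    name: str      # e.g. "Delete Files"

@dataclass(frozen=True)
class Grant:
    role: str
    # None = no resource restriction; an empty set matches nothing (fail closed).
    resources: Optional[frozenset] = None

@dataclass
class Policy:
    roles: dict = field(default_factory=dict)   # role name -> set of Capability
    groups: dict = field(default_factory=dict)  # group name -> set of user names
    grants: dict = field(default_factory=dict)  # user or group name -> list of Grant

    def subjects(self, user):
        """The user plus every group that lists the user as a member."""
        return {user} | {g for g, members in self.groups.items() if user in members}

    def is_allowed(self, user, capability, resource):
        """Deny by default; allow only if a grant covers capability and resource."""
        for subject in self.subjects(user):
            for grant in self.grants.get(subject, []):
                if capability not in self.roles.get(grant.role, set()):
                    continue
                if grant.resources is None or resource in grant.resources:
                    return True
        return False

def build_sample_policy():
    # Constructed sample data: endpoints, role, group and "jane" are made up.
    files = "https://files.example.test/v1"
    compute = "https://compute.example.test/v2"
    policy = Policy()
    # One role spanning two endpoints/services.
    policy.roles["operator"] = {Capability(files, "Delete Files"),
                                Capability(compute, "Reboot Server")}
    policy.groups["ops"] = {"jane"}
    # John Doe holds the role only on myserver.server.com; the group is unrestricted.
    policy.grants["john.doe"] = [Grant("operator", frozenset({"myserver.server.com"}))]
    policy.grants["ops"] = [Grant("operator")]
    return policy
```

Because a capability is keyed by endpoint as well as name, a "Delete Files" capability on a different endpoint is a different capability and is not covered by the role.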