Difference between revisions of "Keystone-Essex-BP-AuthZ"
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | {{OldDesignPage}} | |
| + | |||
'''Goals:''' | '''Goals:''' | ||
| Line 7: | Line 8: | ||
* Map users and groups to roles | * Map users and groups to roles | ||
| − | [[Image: | + | [[Image:ProposedKeystoneAuthZStructure.png]] |
Latest revision as of 07:06, 22 September 2013
|
Old Design Page
This page was used to help design a feature for a previous release of OpenStack. It may or may not have been implemented. As a result, this page is unlikely to be updated and could contain outdated information. It was last updated on 2013-09-22 |
Goals:
- Support a capability model (Ex: Delete Files) by allowing services identify capabilities by endpoint
- Map capabilities to role, allowing a role to span multiple endpoints & services
- Allow restrictions on capabilities to certain resources (ex: John Doe may have access to Delete Files but only on myserver.server.com).
- Map users and groups to roles
