
Difference between revisions of "Keystone-Essex-BP-AuthZ"

Line 2: Line 2:
 
'''Goals:'''
 
'''Goals:'''
  
* Support a capability model by allowing services identify capabilities by endpoint
+
* Support a capability model (Ex: Delete Files) by allowing services identify capabilities by endpoint
 
* Map capabilities to role, allowing a role to span multiple endpoints & services
 
* Map capabilities to role, allowing a role to span multiple endpoints & services
 +
* Allow restrictions on capabilities to certain resources (ex: John Doe may have access to Delete Files but only on myserver.server.com).
 
* Map users and groups to roles
 
* Map users and groups to roles
  
 
[[Image:Keystone-Essex-BP-AuthZ$ProposedKeystoneAuthZStructure.png]]
 
[[Image:Keystone-Essex-BP-AuthZ$ProposedKeystoneAuthZStructure.png]]
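
Review bot: The added restriction goal uses a host name (myserver.server.com) as its example resource, while the first goal says capabilities are identified by endpoint, so the text leaves open whether a "resource" is an endpoint or something finer-grained within one. Define the term in the goal, and state whether the restriction is attached to the role or to the user or group assignment, since the example ties it to a named user (John Doe) but the goals map users to roles rather than directly to capabilities.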

Revision as of 18:54, 7 September 2011

Goals:

  • Support a capability model (e.g., Delete Files) by allowing services to identify capabilities by endpoint
  • Map capabilities to roles, allowing a role to span multiple endpoints and services
  • Allow capabilities to be restricted to certain resources (e.g., John Doe may have access to Delete Files, but only on myserver.server.com)
  • Map users and groups to roles

File:Keystone-Essex-BP-AuthZ$ProposedKeystoneAuthZStructure.png