Keystone-Essex-BP-AuthZ

Goals:

• Support a capability model (Ex: Delete Files) by allowing services identify capabilities by endpoint
• Map capabilities to role, allowing a role to span multiple endpoints & services
• Allow restrictions on capabilities to certain resources (ex: John Doe may have access to Delete Files but only on myserver.server.com).
• Map users and groups to roles