Jump to: navigation, search

Keystone-Essex-BP-AuthZ

Warning.svg Old Design Page

This page was used to help design a feature for a previous release of OpenStack. It may or may not have been implemented. As a result, this page is unlikely to be updated and could contain outdated information. It was last updated on 2013-09-22

Goals:

  • Support a capability model (Ex: Delete Files) by allowing services identify capabilities by endpoint
  • Map capabilities to role, allowing a role to span multiple endpoints & services
  • Allow restrictions on capabilities to certain resources (ex: John Doe may have access to Delete Files but only on myserver.server.com).
  • Map users and groups to roles

ProposedKeystoneAuthZStructure.png

Retrieved from "https://wiki.openstack.org/w/index.php?title=Keystone-Essex-BP-AuthZ&oldid=30480"