A Role Mapping Service for the Keystone Identity Server
To fully realise both federated identity management in Keystone and several use cases of a centralised Keystone, a service must be introduced that lets administrators of organisations translate a large and varying set of their organisational attributes (or roles), issued by themselves or by any Identity Provider in the supported federation(s), into the service roles that the OpenStack administrator assigns to determine the usage permissions for the available cloud services. We propose that this “Role Mapping” service be implemented as part of Keystone; the specification describes this service.
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: Kristy Siu
- Definition: Superseded
- Series goal: None
- Implementation: Beta Available
- Milestone target: None
- Started by: Kristy Siu
- Completed by: Morgan Fainberg
Whiteboard
This has been implemented via the Federated implementation in Keystone; marking as superseded.
Gerrit topic: https:/
Addressed by: https:/
Added attribute mapping service