Handling ACLs that use UserIDs in Federated Keystone

Registered by David Chadwick on 2013-04-04

Temporary user entries created for the same federated user would normally get different user IDs assigned to them by Keystone. Services that use user-ids in ACL would not normally work correctly in this environment as they would not know the user ID. This blueprint specifies a modification to Keystone that ensures that multiple sequential temporary entries created for the same federated user will get the same user-id assigned to them.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
David Chadwick
Direction:
Needs approval
Assignee:
Kristy Siu
Definition:
Superseded
Series goal:
None
Implementation:
Beta Available
Milestone target:
None
Started by
David Chadwick on 2013-04-14
Completed by
Morgan Fainberg on 2014-10-20

Related branches

Sprints

Whiteboard

(morganfainberg): Superseded by actual Federation implementation in keystone.

This code is implemented and can be demonstrated here
 http://sec.cs.kent.ac.uk/demos/
Choose demo 8

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.