Handling ACLs that use UserIDs in Federated Keystone

Registered by David Chadwick

Temporary user entries created for the same federated user would normally be assigned different user IDs by Keystone. Services that use user IDs in ACLs would not normally work correctly in this environment, as they would not know the user ID. This blueprint specifies a modification to Keystone that ensures that multiple sequential temporary entries created for the same federated user are assigned the same user ID.

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: David Chadwick
Direction: Needs approval
Assignee: Kristy Siu
Definition: Superseded
Series goal: None
Implementation: Beta Available
Milestone target: None
Started by: David Chadwick
Completed by: Morgan Fainberg

Whiteboard

(morganfainberg): Superseded by actual Federation implementation in keystone.

This code is implemented and can be demonstrated here: http://sec.cs.kent.ac.uk/demos/ (choose demo 8).
