Link the Catalog to the Identity Backend
Registered by
Adam Young
Right now, there is no association between the endpoints and services returned from Keystone and the user that is requesting the catalog, whether directly, via a token request, or token validation. In addition, there is no way to determine whether a token scoped to a service or an end point should be allowed for a given user/endpoint.
A first step is to identify the policy that will drive the association. By default, all users see all endpoints (now). However, endpoints can be potentially scoped to tenants or domains. If an endpoint is scoped, it should only be returned on queries from users that would have access to that scope.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Superseded
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- Adam Young
Related branches
Related bugs
Sprints
Whiteboard
(?)