Essex Keystone Authorization Structure
Registered by Joe Savak
Provide more structure around high-level user-centered authorization by:
1. Adding capabilities that services and their endpoints provide
2. Bundling capabilities together into a "role"
3. Assigning roles to individual users or groups of users
4. Supporting restricted capabilities - (ex: John Doe has access to the "Delete Files" capability only on resource "myserver.
5. Allowing non-tenant and even non-OpenStack-user authorization to select resources, as determined by the owning tenant admin (possibly through OAuth)
Blueprint information
- Status: Complete
- Approver: Ziad Sawalha
- Priority: Undefined
- Drafter: Joe Savak
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Not started
- Milestone target: None
- Started by:
- Completed by: Joseph Heck