OpenStack Identity (keystone)

A Policy Administration Service for Openstack

Registered by Ioram Schechtman Sette on 2014-11-14

This blueprint has been superseded. See the newer blueprint "Centralized Policies Distribution" for updated plans.

This document describes a model of a policy administrative point (PAP) service for Openstack clouds. The service could be a separate stand alone OpenStack service, or it could be integrated into Keystone. The PAP service will be responsible for keeping and updating authorisation policies, which are currently spread over the Openstack services (Nova, Cinder, Glance etc.).

Read the full specification

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Ioram Schechtman Sette

Direction:: Needs approval

Assignee:: None

Definition:: Superseded

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Steve Martinelli on 2016-02-03

Related branches

Related bugs

Sprints

ahmed

Whiteboard

What is needed beyond the policy API? I assume rule level management, and the ability to compose new policies out of existing ones?

(stevemar) 16-02-02: marking this as superseded by dynamic-policies-delivery, since they seem to aim for accomplish the same goal

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

David Chadwick