A Role Mapping Service for the Keystone Identity Server

Registered by Kristy Siu on 2012-11-23

In order to fully realize both federated identity management in Keystone and several use cases of a centralised Keystone, a service must be introduced to allow administrators of organisations to translate a large and varying set of their organisational attributes (or roles) issued by themselves or any Identity Provider in the supported federation(s), into the service roles assigned by the Openstack administrator to determine the usage permissions for the cloud services that are available. We propose that this “Role Mapping” service be implemented as part of Keystone and the specification describes this service.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
Kristy Siu
Definition:
Superseded
Series goal:
None
Implementation:
Beta Available
Milestone target:
None
Started by
Kristy Siu on 2013-04-15
Completed by
Morgan Fainberg on 2014-10-17

Related branches

Sprints

Whiteboard

This has been implemented via the Federated implementation in keystone, marking as superseded.

Gerrit topic: https://review.openstack.org/#q,topic:bp/role-mapping-service-keystone,n,z

Addressed by: https://review.openstack.org/18280
    Added attribute mapping service

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.