Uniqueness of ACLs with Keystone V3

Registered by Alexandra Shulman-Peleg on 2013-02-07

This blueprint has been superseded. See the newer blueprint "Add support for authentication using keystone v3 API" for updated plans.

Currently Swift API allows granting access by providing either a tenant name or ID on ACLs. With the introduction of projects and private domains in Keystone V3 this will become a project name or ID, where only the project ID is globally unique. When migrating existing deployments to Keystone V3 there is a need to ensure that the descriptors on ACLs are unique and a user from domain A, working on project "myproject" can not access the data of a user from domain B working on a different "myproject". There might be existing applications working above Swift using project names and not IDs. To allow backward compatibility and preserve a user friendly option of project names, a domain identifier (in a form of an optional x-domain-id header) will be added to container metadata. During the container creation process, this identifier will be extracted from the token of the creator and added to the container meta data. When evaluating the ACLs and comparing the project name on ACLs with the one in the token of the accessing user, the acl.py middleware will check that the container and the user belong to the same domain. If the ACLs are ambiguous and do not uniquely identify the project, cross domain access will be denied. In order to allow cross domain access, there will be a need to explicitly specify a unique project ID on the ACLs. These changes will not influence the systems working with other authentication middleware (e.g. tempauth).

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Alexandra Shulman-Peleg
Direction:
Needs approval
Assignee:
Alexandra Shulman-Peleg
Definition:
Superseded
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
John Dickinson on 2014-10-14

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.