In preparation for and input to today's design summit session on
Authorisation at 11.50am, I thought it might be beneficial to remind
folks of the proposed design that was circulated by me at the end of the
long discussion on the format of a scoped role, that was held at the end
of last year on this list. Here it is:
{
"role": {
"id": "76e72a",
"domain_id" = "--id--", (optional, if present, role is named by
specific domain)
"project_id" = "--id--", (optional, if present, role is named
by project)
"service_id" = "--id--", (optional, if present, role is named
by service)
"name": "---role_name---", (must be unique when combined with
domain, project and service ids)
"scope": {"id": "---id---", (resource_id)
"type": "service | file | domain etc.",
"endpoint":"---endpoint---"
}
}
}
regards
David
_______________________________________________
OpenStack-dev mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
