Based on the thread entitled [all][policy][keystone] Better Policy Model and Representing Capabilites from October 20, I wrote some code to pull a policy.json file into Congress and figure out what roles are necessary to give access to a specific API call.
So if bundling this kind of functionality into Congress is a reasonable way forward, it seems doable technically. We’re happy to help in any case, so let us know! Tim ---------- Forwarded message ---------- From: Ioram Schechtman Sette <[email protected]<mailto:[email protected]>> Date: Tue, Nov 18, 2014 at 5:52 AM Subject: [openstack-dev] [Keystone] New Policy Administration Service To: [email protected]<mailto:[email protected]> Hi all, In Paris, on the last day, we listed the new features that we would like to see in the next release of Keystone. The top 3 were chosen as high priority. Further down the list was a policy administration service that will collect policies from all the Openstack services and allow the Keystone administrator to ask the question "what role do I need to assign to a user to give access to these services?" and will allow users to ask the question "what can I access with my roles?". We have now started to design and build this service. An important design decision is "should this service be integrated with Keystone or be a separated standalone Openstack service?" What does the Keystone group think? If policy administration should be a separate service, what is the process to register blueprints, apis and code reviews? Regards, Ioram and David _______________________________________________ OpenStack-dev mailing list [email protected]<mailto:[email protected]> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
