There is a lot of discussion about policy. I've attempted to pull the
majority of the work into a single document that explains the process in
a step-by-step manner:
http://adam.younglogic.com/2014/11/dynamic-policy-in-keystone/
Its really long, so I won't bother reposting the whole article here.
Instead, I will post the links to the topic on Gerrit.
https://review.openstack.org/#/q/topic:dynamic-policy,n,z
There is one additional review worth noting:
https://review.openstack.org/#/c/133855/
Which is for "private groups of roles" specific to a domain. This is
related, but not part of the critical path for the things I wrote above.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev