Re: [openstack-dev] [Keystone] New Policy Administration Service

2014-11-18 Thread Tim Hinrichs
Based on the thread entitled [all][policy][keystone] Better Policy Model and 
Representing Capabilities from October 20, I wrote some code to pull a 
policy.json file into Congress and figure out what roles are necessary to give 
access to a specific API call.

So if bundling this kind of functionality into Congress is a reasonable way 
forward, it seems doable technically.  We’re happy to help in any case, so let 
us know!

Tim


-- Forwarded message --
From: Ioram Schechtman Sette <i...@cin.ufpe.br>
Date: Tue, Nov 18, 2014 at 5:52 AM
Subject: [openstack-dev] [Keystone] New Policy Administration Service
To: openstack-dev@lists.openstack.org


Hi all,

In Paris, on the last day, we listed the new features that we would like to see 
in the next release of Keystone.
The top 3 were chosen as high priority.

Further down the list was a policy administration service that will collect 
policies from all the OpenStack services and allow the Keystone administrator 
to ask the question "what role do I need to assign to a user to give access to 
these services?" and will allow users to ask the question "what can I access 
with my roles?".

We have now started to design and build this service. An important design 
decision is "should this service be integrated with Keystone or be a separate 
standalone OpenStack service?" What does the Keystone group think?

If policy administration should be a separate service, what is the process to 
register blueprints, APIs and code reviews?

Regards,
Ioram and David

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev





[openstack-dev] [Keystone] New Policy Administration Service

2014-11-18 Thread Ioram Schechtman Sette
Hi all,

In Paris, on the last day, we listed the new features that we would like to
see in the next release of Keystone.
The top 3 were chosen as high priority.

Further down the list was a policy administration service that will collect
policies from all the OpenStack services and allow the Keystone
administrator to ask the question "what role do I need to assign to a user
to give access to these services?" and will allow users to ask the question
"what can I access with my roles?".

We have now started to design and build this service. An important design
decision is "should this service be integrated with Keystone or be a
separate standalone OpenStack service?" What does the Keystone group think?

If policy administration should be a separate service, what is the process
to register blueprints, APIs and code reviews?

Regards,
Ioram and David
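
The lookup that both messages describe, as an added example that is not part of the thread and is not the Congress code mentioned in the reply: it reduces policy.json-style rules to the alternative sets of checks that grant an action, then answers "what role do I need to assign?" and "what can I access with my roles?". The sample policy and the names `dnf`, `roles_for` and `actions_for` are constructed for illustration; the sketch assumes `and` binds tighter than `or` and rejects `not`.

```python
import re

# Constructed sample: the parsed contents of a policy.json, not a real deployment.
POLICY = {
    "admin_required": "role:admin", "owner": "project_id:%(project_id)s",
    "admin_or_owner": "rule:admin_required or rule:owner",
    "compute:start": "rule:admin_or_owner and role:member",
    "compute:delete": "rule:admin_required",
    "compute:get": "", "compute:migrate": "!",
}

def dnf(policy, expr, seen=()):
    # Alternatives satisfying expr, each a frozenset of checks that must all hold.
    # Tokens: grouping parens, or a word that may embed %(name)s substitutions.
    toks = re.findall(r"\(|\)|[^\s()]+(?:\([^\s()]*\)[^\s()]*)*", expr) + [None]
    pos = 0
    def atom():
        nonlocal pos
        tok, pos = toks[pos], pos + 1
        if tok == "(":
            alts = either()
            pos += 1  # step over the closing ")"
            return alts
        if tok in ("!", "@"):  # "!" never matches, "@" always matches
            return set() if tok == "!" else {frozenset()}
        if tok in (None, "not", "and", "or", ")") or tok in seen:
            raise ValueError(f"unsupported or cyclic rule near {tok!r}")
        if tok.startswith("rule:"):  # expand a reference to another rule
            return dnf(policy, policy[tok[5:]], seen + (tok,))
        return {frozenset([tok])}  # role:..., project_id:..., etc.
    def chain(op, sub, join):
        nonlocal pos
        alts = sub()
        while toks[pos] == op:
            pos += 1
            alts = join(alts, sub())
        return alts
    both = lambda: chain("and", atom, lambda x, y: {a | b for a in x for b in y})
    either = lambda: chain("or", both, set.union)
    return either() if expr.strip() else {frozenset()}  # "" means always allowed

def roles_for(policy, action):
    # "What must I assign?": minimal alternatives (supersets of another dropped).
    alts = dnf(policy, policy[action])
    return sorted(sorted(a) for a in alts if not any(b < a for b in alts))

def actions_for(policy, roles, actions):
    # "What can I access with my roles?": actions granted by roles alone.
    have = {"role:" + r for r in roles}
    return sorted(x for x in actions if any(a <= have for a in dnf(policy, policy[x])))
```

An alternative that still contains a non-role check such as `project_id:%(project_id)s` grants access only when that check also holds at request time, so `actions_for` leaves it out.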