[openstack-dev] [keystone/swift] role-based access control in swift

Osanai, Hisashi osanai.hisashi at jp.fujitsu.com
Fri Jul 11 03:17:44 UTC 2014


Hi, 

I looked for info about role-based access control in swift because
I would like to prohibit PUT operations to containers, like creating
containers and setting ACLs.

Other services like Nova and Cinder have a "policy.json" file but Swift doesn't.
And I found out the following info.
- Swift ACL's migration
- Centralized policy management

Do you have detailed info for the above?

http://dolphm.com/openstack-juno-design-summit-outcomes-for-keystone/
---
Migrate Swift ACL's from a highly flexible Tenant ID/Name basis, which worked reasonably well against Identity API v2, to strictly be based on v3 Project IDs. The driving requirement here is that Project Names are no longer globally unique in v3, as they're only unique within a top-level domain.
---
Centralized policy management
Keystone currently provides an unused /v3/policies API that can be used to centralize policy blob management across OpenStack.


Best Regards,
Hisashi Osanai



