[openstack-dev] [Keystone] New Policy Administration Service

Ioram Schechtman Sette iss at cin.ufpe.br
Tue Nov 18 13:52:35 UTC 2014


Hi all,

In Paris, on the last day, we listed the new features that we would like to
see in the next release of Keystone.
The top 3 were chosen as high priority.

Further down the list was a policy administration service that will collect
policies from all the Openstack services and allow the Keystone
administrator to ask the question "what role do I need to assign to a user
to give access to these services?" and will allow users to ask the question
"what can I access with my roles?".

We have now started to design and build this service. An important design
decision is "should this service be integrated with Keystone or be a
separated standalone Openstack service?" What does the Keystone group think?

If policy administration should be a separate service, what is the process
to register blueprints, apis and code reviews?

Regards,
Ioram and David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141118/0b161348/attachment.html>


More information about the OpenStack-dev mailing list