Hi all, I spent some time today summarizing a discussion [0] about global roles. I figured it would help build some context for next week as there are a couple cross project policy/RBAC sessions at the Forum. The first patch is a very general document trying to nail down our policy goals [1]. The second is a proposed roadmap (given the existing patches and direction) of how we can mitigate several of the security issues we face today with policy across OpenStack [2]. Feel free to poke holes as it will hopefully lead to productive discussions next week. Thanks! [0] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2017-05-04.log.html#t2017-05-04T15:00:41 [1] https://review.openstack.org/#/c/460344/7 [2] https://review.openstack.org/#/c/462733/3 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170504/fcfc2385/attachment.html>