[openstack-dev] [keystone] Service scoped role definition
David Chadwick
d.w.chadwick at kent.ac.uk
Thu May 15 10:20:24 UTC 2014
In preparation for and input to today's design summit session on
Authorisation at 11.50am, I thought it might be beneficial to remind
folks of the proposed design that was circulated by me at the end of the
long discussion on the format of a scoped role, that was held at the end
of last year on this list. Here it is:
{
"role": {
"id": "76e72a",
"domain_id" = "--id--", (optional, if present, role is named by
specific domain)
"project_id" = "--id--", (optional, if present, role is named
by project)
"service_id" = "--id--", (optional, if present, role is named
by service)
"name": "---role_name---", (must be unique when combined with
domain, project and service ids)
"scope": {"id": "---id---", (resource_id)
"type": "service | file | domain etc.",
"endpoint":"---endpoint---"
}
}
}
regards
David
More information about the OpenStack-dev
mailing list