[openstack-dev] [Keystone] Token Verify Role Check
Adam Young
ayoung at redhat.com
Thu Nov 3 13:08:02 UTC 2016
There has been a lot of talk about Policy this past summit and release.
Based on feedback, we've come up with the following spec to address it.
https://review.openstack.org/#/c/391624/
The idea is that we are going to split the role check off from the
existing policy checks. The role check will happen at token validation
time. The existing policy checks will still be executed in the body of
the code bases where they are now, as they confirm additional attributes
about the operations and resources.
It is the amalgamation of work by many people, and I've attempted to
list them all at the bottom.
Comments highly appreciated, either in the review or in this thread.
More information about the OpenStack-dev
mailing list