[all][operator][policy] Operator feedback on 'Consistent and Secure RBAC" (new design for RBAC)
gmann at ghanshyammann.com
Tue Jun 7 18:05:40 UTC 2022
As you might know, we are redesigning the OpenStack default RBAC. The new design target two things:
1. 'new defaults (reader role)'
2. "Scope" concept
It is hard to explain the details in email but the below doc is a good place to start understanding this:
We as a community think 1st target (reader role) is a good thing to do and it will definitely be useful
in many cases.
But we need feedback on the "Scope" concept. To understand what it is and how it can impact your existing
use case/deployment, please ref the documentation mentioned in the etherpad (if there is any question
about its design/usage we are planning, feel free to reply here or contact us in #openstack-tc IRC channel).
* If you are an operator, we really need your feedback if the 'Scope' concept is a useful thing for your deployment/use-case
* If you are attending events have operators also attending (for example, project operator feedback (like nova), forum sessions
in berlin summit, ops meetup or any local operator event), please communicate about the required feedback.
* Due to various reasons, many of us involved in RBAC work are not travelling to Berlin and
we have this topic to be discussed in Berlin ops meetup but we require someone knowing RBAC new design moderate
this topic. Please reach out to us if you would like to help.
Central Etherpad to collect feedback (this can be used to collect from various forums/places):
More information about the openstack-discuss