"Admin can do everything!" has been a common lament, heard for multiple summits. Its more than just a development issue. I'd like to fix that. I think we all would. I'm looking to get some Operator input on the Dynamic Policy issue. I wrote up a general overview last fall, after the Kilo summit: https://adam.younglogic.com/2014/11/dynamic-policy-in-keystone/ Some of what I am looking at is: what are the general roles that Operators would like to have by default when deploying OpenStack? I've submitted a talk about policy for the Summit: https://www.openstack.org/vote-vancouver/presentation/dynamic-policy-for-access-control If you want, please vote for it, but even if it does not get selected, I'd like to discuss Policy with the operators at the summit, as input to the Keystone development effort. Feedback greatly welcome.