On 04/17/2014 02:15 AM, Reza Bakhshayeshi wrote:
> Hi,
>
> I want to integrate an external service with keystone, in a way that
> only an authorized user in keystone could make access to that service.
> In the simplest form, consider it as a web service which receives the
> user's request and returns a specific feature of his/her instance.
> Surely, users should be unable to see others' instance specifications,
> and must be authorized in the keystone.
> What do you think is the best way of performing this scenario?

Use RBAC, create a Role specific to your new service, and only assign that role to people that you trust. Create a policy file that checks that the calling user has that role before any operations.

>
> Thanks,
> Reza
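
The role-plus-policy check suggested in the reply above, as an added example that is not part of the original thread and is not Keystone or oslo.policy code. It assumes the service runs behind Keystone's auth_token middleware, which passes the validated identity in the `X-Identity-Status`, `X-Roles` and `X-Project-Id` headers; the role name `feature_viewer`, the rule name and the instance record are hypothetical.

```python
# Added example: simplified role + ownership check, not oslo.policy itself.
import json

# Constructed policy file content; rule and role names are hypothetical.
POLICY_JSON = '{"instance:get_feature": "role:feature_viewer and project_id:%(project_id)s"}'


def credentials_from_headers(environ):
    """Build credentials from headers set by the Keystone auth_token middleware."""
    # Trust the identity headers only if the middleware validated the token.
    if environ.get("HTTP_X_IDENTITY_STATUS") != "Confirmed":
        return None
    roles = [r.strip() for r in environ.get("HTTP_X_ROLES", "").split(",") if r.strip()]
    return {"roles": roles, "project_id": environ.get("HTTP_X_PROJECT_ID")}


def check(term, target, creds):
    """Evaluate one 'kind:match' term against the credentials."""
    kind, _, match = term.partition(":")
    if kind == "role":
        return match.lower() in (r.lower() for r in creds["roles"])
    # Generic check: the credential named by `kind` must equal the target value.
    try:
        expected = match % target
    except KeyError:
        return False
    return creds.get(kind) is not None and creds[kind] == expected


def enforce(action, target, creds, policy=None):
    """Fail closed: unknown action, missing credentials or any failed term denies."""
    rules = json.loads(POLICY_JSON) if policy is None else policy
    rule = rules.get(action)
    if creds is None or not rule:
        return False
    return all(check(t.strip(), target, creds) for t in rule.split(" and "))


def get_feature(environ, instance):
    """Return the instance feature only to an authorized caller from the owning project."""
    creds = credentials_from_headers(environ)
    target = {"project_id": instance["project_id"]}
    if not enforce("instance:get_feature", target, creds):
        return 403, None
    return 200, instance["flavor"]
```

The ownership term (`project_id:%(project_id)s`) is what keeps a user who holds the role from reading instances that belong to another project.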