[Openstack] [OpenStack][Keystone][new_service]

B.M.Canning bmc20 at kent.ac.uk
Wed Aug 15 15:29:22 UTC 2018

Dear OpenStackers,

Hello, I'm new to the list.

I would like to know what support is available for creating a new
OpenStack service that contains role-based access control components,
such as a Policy Decision Point (PDP), inside the new service.

I have come across oslo.policy in my research, is this what other OpenStack
components use for their PEP, PDP, PAP and PIP? If so, what resources are
available to help developers use this framework in their projects?

As part of my MSc degree in computer science, I am conducting a research
project into the application of self-adaptation in authorisation
infrastructures as a means of mitigation against insider threats towards
cloud computing infrastructures. I'm using Keystone as a role-based
access control system to protect access to a web-based game, and actions
that a player can perform in the game, which represents computing
resources, here snakes and ladders. Cheating in the game represents the
malicious behaviour of an insider threat, to which the authorisation
infrastructure responds by reducing/removing the user's privileges. The
intention is to have the game represent an OpenStack service, like
Swift. I am currently using the Queens release of Keystone and v3 of the
API for both service-level and infrastructure-level policy decisions.

Best wishes,
Bruno Canning

School of Computing, University of Kent

More information about the Openstack mailing list