RFE: Unified Delegation
Bug #1816115 reported by Lance Bragstad
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Identity (keystone) | Triaged | Wishlist | Unassigned |
Bug Description
Both assignments and trusts serve a single purpose, to delegate roles on a resource (e.g., system, domain, project) to the actor (e.g., user or group).
This RFE proposes a new delegation model containing the following information:
- trustee (user or group)
- roles to be delegated
- resource (domain or project)
- usage restrictions
- source of delegation - actor, who delegates the scope
A valid delegation must be auditable. To allow this, keystone must maintain chain consistency and do the right thing when a chain of delegation is broken. A valid delegation must be optionally restricted so that it can be used for a defined workflow and nothing more.
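One way to picture the chain-consistency check for the model above, as an added example that is not part of the bug report or of keystone's code. Assumptions: the `parent` link, the `revoked` flag, the `BrokenChain` name and the rule that a root grant is trusted are all hypothetical; trustees are treated as single users, and usage restrictions are left out.

```python
from dataclasses import dataclass
from typing import Optional

class BrokenChain(Exception):
    """Raised when a delegation cannot be traced back to a root grant."""

@dataclass(frozen=True)
class Delegation:
    id: str
    source: str                   # actor who delegates
    trustee: str                  # user or group receiving the roles
    roles: frozenset              # roles being delegated
    resource: str                 # domain or project
    parent: Optional[str] = None  # assumption: link to the source's own grant
    revoked: bool = False

def audit_chain(delegations, leaf_id):
    """Return delegation ids from root to leaf, or raise BrokenChain."""
    chain, cur = [], delegations.get(leaf_id)
    if cur is None:
        raise BrokenChain(f"{leaf_id}: unknown delegation")
    while True:
        if cur.id in chain:
            raise BrokenChain(f"{cur.id}: cycle in chain")
        if cur.revoked:
            raise BrokenChain(f"{cur.id}: revoked")
        chain.append(cur.id)
        if cur.parent is None:    # assumption: a root grant is trusted as-is
            return chain[::-1]
        parent = delegations.get(cur.parent)
        if parent is None:
            raise BrokenChain(f"{cur.id}: parent {cur.parent} is missing")
        if parent.trustee != cur.source:
            raise BrokenChain(f"{cur.id}: source was never the parent's trustee")
        if parent.resource != cur.resource:
            raise BrokenChain(f"{cur.id}: resource differs from parent")
        if not cur.roles <= parent.roles:
            raise BrokenChain(f"{cur.id}: roles exceed what the source holds")
        cur = parent

# Constructed sample data, not taken from keystone.
R = frozenset
SAMPLE = {d.id: d for d in [
    Delegation("d1", "admin", "alice", R({"member", "reader"}), "project-a"),
    Delegation("d2", "alice", "bob", R({"reader"}), "project-a", "d1"),
    Delegation("d3", "bob", "carol", R({"reader"}), "project-a", "d2"),
    Delegation("d4", "bob", "dave", R({"member"}), "project-a", "d2"),
]}
```

In the sample, `d3` audits back to `d1`, while `d4` is rejected because it hands out a role its source never received; marking `d2` revoked breaks every delegation below it.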
tags: added: rfe
Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
Specification review: https://review.openstack.org/#/c/189816/
Specification doc: http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/unified-delegation.html