Hi Tim
I was implying that the addRole operation would not be used or needed in
the federation case, because all user roles are initially created by
IdPs and then by attribute mappings.
I was not saying anything about the various admin roles that might exist
because as I understand it, there is
Hi David,
See below.
On 5/7/15, 1:01 AM, David Chadwick d.w.chadw...@kent.ac.uk wrote:
Hi Tim
On 06/05/2015 21:53, Tim Hinrichs wrote:
I wondered if we could properly protect the API call for adding a new
Role using the current mechanism. So I came up with a simple example.
Suppose we
Hi Tim
On 06/05/2015 21:53, Tim Hinrichs wrote:
I wondered if we could properly protect the API call for adding a new
Role using the current mechanism. So I came up with a simple example.
Suppose we want to write policy about the API call: addRole(user,
role-name). If we’re hosting both
On 05/06/2015 06:54 PM, Hu, David J (Converged Cloud) wrote:
david8hu One of the first things we have to do is get all of our
glossary straight :) I am starting to hear about “capability”. Are we
talking about “rule” in oslo policy terms? Or “action” in nova policy
terms? Or this is something
On Thursday, May 7, 2015, Adam Young ayo...@redhat.com wrote:
On 05/06/2015 06:54 PM, Hu, David J (Converged Cloud) wrote:
david8hu One of the first things we have to do is get all of our glossary
straight :) I am starting to hear about “capability”. Are we talking
about “rule” in oslo
Nice summary Henry. My comments in brown.
From: Adam Young [mailto:ayo...@redhat.com]
Sent: Tuesday, May 5, 2015 8:35 PM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [keystone] On dynamic policy, role
hierarchies/groups/sets etc.
On 05/05/2015 07:05 AM, Henry Nash wrote
@lists.openstack.org
openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [keystone] On dynamic policy, role
hierarchies/groups/sets etc.
On 05/05/2015 07:05 AM, Henry Nash wrote:
We’ve been discussing changes to these areas
On 05/05/2015 07:05 AM, Henry Nash wrote:
We’ve been discussing changes to these areas for a while - and
although I think there is general agreement among the keystone cores
that we need to change *something*, we’ve been struggling to get
agreement on exactly how. So to try and ground the
We’ve been discussing changes to these areas for a while - and although I think
there is general agreement among the keystone cores that we need to change
*something*, we’ve been struggling to get agreement on exactly how. So to try
and ground the discussion that will (I am sure) occur in