yahoo-eng-team team mailing list archive

[Lance Bragstad <lbragstad@xxxxxxxxx>]

Public bug reported:

Both assignments and trusts serve a single purpose, to delegate roles on
a resource (e.g., system, domain, project) to the actor (e.g., user or
group).

This RFE proposes a new delegation model containing the following
information:

 - trustee (user or group)
 - roles to be delegated
 - resource (domain or project)
 - usage restrictions
 - source of delegation - actor, who delegates the scope

A valid delegation must be auditable. To allow this, keystone must
maintain chain consistency and do the right thing when a chain of
delegation is broken. A valid delegation must be optionally restricted
so that it can be used for a defined workflow and nothing more.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1816115

Title:
  RFE: Unified Delegation

Status in OpenStack Identity (keystone):
  New

Bug description:
  Both assignments and trusts serve a single purpose, to delegate roles
  on a resource (e.g., system, domain, project) to the actor (e.g., user
  or group).

  This RFE proposes a new delegation model containing the following
  information:

   - trustee (user or group)
   - roles to be delegated
   - resource (domain or project)
   - usage restrictions
   - source of delegation - actor, who delegates the scope

  A valid delegation must be auditable. To allow this, keystone must
  maintain chain consistency and do the right thing when a chain of
  delegation is broken. A valid delegation must be optionally restricted
  so that it can be used for a defined workflow and nothing more.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1816115/+subscriptions