Boston
May 8-11, 2017

Event Details

Please note: All times listed below are in Central Time Zone


Per API Role Based Access Control

To do things at cloud scale, you need to design for cloud scale. The access control mechanism in Keystone was built with large scale in mind, but earlier implementations made it hard or impossible to use. We're working to fix that.

Current work in Keystone is moving to a Role Based Access Control (RBAC) check based on the URL of the resource requested. This will allow such sought-after features as:

1. A read only role for audit purposes

2. Delegation of a single API to a service user

3. Discover what role is required to perform an action

4. Split a role into smaller roles

This talk is an overview of the mechanism, the method, and the madness of RBAC in OpenStack.


What can I expect to learn?
  • How to create a new role
  • How to integrate that new role into an OpenStack deployment
  • How to link the Role to an API
  • How to set up default access for new Services
Wednesday, May 10, 4:30pm-5:10pm (8:30pm - 9:10pm UTC)
Difficulty Level: Intermediate
Red Hat
Adam Young is a Cloud Solutions Architect at Red Hat, responsible for helping people develop their cloud strategies. He has been a longtime core developer on Keystone, the authentication and authorization service for OpenStack. Adam has worked on various systems management tools, including the Identity Management component of Red Hat Enterprise Linux based on the FreeIPA technology. A 20 year...
Boston University, Senior Software Engineer
Kristi Nikolla is a Sr. Software Engineer at the Mass Open Cloud and New England Research Cloud, working out of Boston University. He has been an active contributor to OpenStack since 2016, and is currently a maintainer of the Keystone project and a former PTL, as well as a member of the OpenStack Technical Committee.