The Must-Attend

Open Infrastructure Event

The open infrastructure landscape is changing, and so is the Summit. Now that users are integrating dozens of open source tools into a modern stack that reaches well beyond the scope of OpenStack, we’re re-organizing the event to focus on specific problem domains like container infrastructure, edge computing and CI/CD and we are focusing on the hard work of integrating all of these tools developed in disparate communities. This is the essential work of 2018 and beyond, to ensure that open infrastructure is truly a viable path for operators.

Boston
May 8-11, 2017

The Must-Attend

Open Infrastructure Event

Join the movement behind the most widely deployed open source cloud platform. Whether you are pursuing a private, hybrid or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Boston
May 8-11, 2017

Event Details


Per API Role Based Access Control

To do things at cloud scale, you need to design for cloud scale.  The access control mechanism in Keystone was built with large scale in mind, but earlier implementations made it hard or implossible to use.  We're working to fix that.

Current work in Keystone is moving to an  Role Based Access Control (RBAC) check based on the URL of the resource requested.  This will allow such sought after features as:

1. A read only role for audit purposes

2. Delegation of a single API to a service user

3. Discover what role is required to perform an action

4. Split a role into smaller roles

This talk is an over view of the mechanism, the method, and the madness of RBAC in OpenStack.


What can I expect to learn?
  • How to create a new role,
  • how to integrate that new role into an OpenStack deployement
  • How to link the Role to an API
  • How to set up default access for new Services
Wednesday, May 10, 4:30pm-5:10pm
Level: Intermediate
Red Hat
Adam Young is a Cloud Solutions Architect at Red Hat, responsible for helping people developer their cloud strategies. He has been a long time core developer on Keystone, the authenticationand authorization service for OpenStack. Adam has worked on various systems management tools,including the Identity Management component of Red Hat Enterprise Linux based on the FreeIPAtechnology. A 20 year... FULL PROFILE
Massachusetts Open Cloud
Kristi Nikolla is a Software Engineer with the Massachusetts Open Cloud team at Boston University. He’s currently working on OpenStack development, contributing to Keystone and leading the Mix & Match project. Kristi received an MS in Computer Science from Boston University in 2016. FULL PROFILE