May 8-11, 2017

Event Details

Per API Role Based Access Control

To do things at cloud scale, you need to design for cloud scale. The access control mechanism in Keystone was built with large scale in mind, but earlier implementations made it hard or impossible to use. We're working to fix that.

Current work in Keystone is moving to a Role Based Access Control (RBAC) check based on the URL of the resource requested. This will allow such sought-after features as:

1. A read only role for audit purposes

2. Delegation of a single API to a service user

3. Discover what role is required to perform an action

4. Split a role into smaller roles

This talk is an overview of the mechanism, the method, and the madness of RBAC in OpenStack.

What can I expect to learn?
  • How to create a new role
  • How to integrate that new role into an OpenStack deployment
  • How to link the role to an API
  • How to set up default access for new services
Wednesday, May 10, 4:30pm-5:10pm
Level: Intermediate
Red Hat
Adam Young is a Cloud Solutions Architect at Red Hat, responsible for helping people develop their cloud strategies. He has been a long time core developer on Keystone, the authentication and authorization service for OpenStack. Adam has worked on various systems management tools, including the Identity Management component of Red Hat Enterprise Linux based on the FreeIPA technology. A 20 year...
Massachusetts Open Cloud
Kristi Nikolla is a Software Engineer with the Massachusetts Open Cloud team at Boston University. He’s currently working on OpenStack development, contributing to Keystone and leading the Mix & Match project. Kristi received an MS in Computer Science from Boston University in 2016.