The Must-Attend

Open Infrastructure Event

The world runs on open infrastructure. At the OpenStack Summit, you’ll learn about the mix of open technologies building the modern infrastructure stack, including OpenStack, Kubernetes, Kata Containers, Docker, Ansible, Ceph, OVS, OpenContrail, OPNFV, and more. Whether you are pursuing a private, public or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Boston
May 8-11, 2017

The Must-Attend

Open Infrastructure Event

Join the movement behind the most widely deployed open source cloud platform. Whether you are pursuing a private, hybrid or multi-cloud approach, the OpenStack Summit is the place to network, skill up and plan your cloud strategy.

Boston
May 8-11, 2017

Event Details


Per API Role Based Access Control

To do things at cloud scale, you need to design for cloud scale.  The access control mechanism in Keystone was built with large scale in mind, but earlier implementations made it hard or implossible to use.  We're working to fix that.

Current work in Keystone is moving to an  Role Based Access Control (RBAC) check based on the URL of the resource requested.  This will allow such sought after features as:

1. A read only role for audit purposes

2. Delegation of a single API to a service user

3. Discover what role is required to perform an action

4. Split a role into smaller roles

This talk is an over view of the mechanism, the method, and the madness of RBAC in OpenStack.


What can I expect to learn?
  • How to create a new role,
  • how to integrate that new role into an OpenStack deployement
  • How to link the Role to an API
  • How to set up default access for new Services
Wednesday, May 10, 4:30pm-5:10pm
Level: Intermediate
Red Hat
Adam Young is a Senior Software Engineer at Red Hat and a core developer on Keystone,the authentication and authorization service for OpenStack. Adam has worked on varioussystems management tools, including the Identity Management component of Red Hat EnterpriseLinux based on the FreeIPA technology. A 20 year industry veteran, Adam contributed to multipleprojects, products and solutions from... FULL PROFILE
Massachusetts Open Cloud
Kristi Nikolla is a Software Engineer with the Massachusetts Open Cloud team at Boston University. He’s currently working on OpenStack development, contributing to Keystone and leading the Mix & Match project. Kristi received an MS in Computer Science from Boston University in 2016. FULL PROFILE