Bug 1041948

Summary: [RFE][keystone]: A Role Mapping Service for the Keystone Identity Server
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/keystone/+spec/role-mapping-service-keystone
Whiteboard: upstream_milestone_none upstream_status_beta-available upstream_definition_superseded
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:34:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 20:14:22 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/role-mapping-service-keystone.

Description:

In order to fully realize both federated identity management in Keystone and several use cases of a centralised Keystone, a service must be introduced to allow administrators of organisations to translate a large and varying set of their organisational attributes (or roles) issued by themselves or any Identity Provider in the supported federation(s), into the service roles assigned by the Openstack administrator to determine the usage permissions for the cloud services that are available. We propose that this “Role Mapping” service be implemented as part of Keystone and the specification describes  this service.

Specification URL (additional information):

https://docs.google.com/document/d/1cObK3P_ic9XSTwJRFsmimG94LDnFbsPbvx_H1aM1FPI/edit