From 4efec6330c496b727a1956dc00f409a71b0e68b5 Mon Sep 17 00:00:00 2001 From: garciadeblas Date: Sat, 7 Apr 2018 22:21:44 +0200 Subject: [PATCH] RBAC improvements in NBI with Keystone Change-Id: I7973383ddd039b842e94f9037d3a786fdca753fb Signed-off-by: garciadeblas --- .../RBAC_improvements_in_NBI_with_Keystone.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 Release5/RBAC_improvements_in_NBI_with_Keystone.md diff --git a/Release5/RBAC_improvements_in_NBI_with_Keystone.md b/Release5/RBAC_improvements_in_NBI_with_Keystone.md new file mode 100644 index 0000000..840f9de --- /dev/null +++ b/Release5/RBAC_improvements_in_NBI_with_Keystone.md @@ -0,0 +1,28 @@ +# RBAC improvements in NBI with Keystone # + +## Proposer ## +- Gerardo Garcia (Telefonica) +- Alfonso Tierno (Telefonica) +- Francisco Javier Ramon (Telefonica) + +## Type ## +**Feature** + +## Target MDG/TF ## +NBI, OSM_client + +## Description ## +The NBI module could benefit immediately of the advantages that Keystone would +provide to support and extend its RBAC functionality. Among other aspects, the +integration of Keystone would be expected to provide: +- Out of the box support of different backends for user authentication: LDAP, +Kerberos, etc. +- Would provide a simpler mean to configure, maintain and evolve the different +types of roles in OSM. +- Would open the path for internal modules to leverage on its token mechanisms +to enable or disable selectively some functionalities for a given user request. + +## Demo or definition of done ## +- Authenticate NBI users against an external user directory, such as LDAP. +- Configure some roles and check that they are applied accordingly (as +described in the corresponding Rel THREE feature). \ No newline at end of file -- 2.25.1