Authorization Model in OpenStack (keystone API V3.0)
In Authorization Model Keystone API V2.0 I have tried to capture the authorization model of Keystone for API version 2.0 which is no more the latest API version which encourage me to capture the authorization model(lets say it OS_AC_3.0) for API version 3.0 [1]. For naming this model, I deliberately avoided the term RBAC because, OS_AC_3.0 model no longer confines itself within RBAC territory.
Fig 1 : OS_AC_3.0 Model: OpenStack Access Control Model for API V3.0
It is worth to mention OS_AC_3.0 with the authorization model of API version 2.0 (which I have called RBAC-OS-2.0 model) which was adopted from the minimum RBAC model. Interesting to see when RBAC-OS-2.0 model have only three policy configuration points (Configuration points are shown in fig1 which also applies to fig2 in the same way) whereas OS_AC_3.0 Model has seven configuration points which means there is more flexibility in policy configuration and policy maintenance in the newer model.
Fig2: RBAC-OS-2.0 model
Before delving more into the comparison, we need to focus on the configuration points in OS_AC_3.0.
References:
[1] http://api.openstack.org/api-ref-identity.html#identity-v3
To be continued.
