Home > Access Control, keystone, openstack > Authorization Model in OpenStack (keystone API V3.0)

Authorization Model in OpenStack (keystone API V3.0)

February 19, 2014 Leave a comment Go to comments

In Authorization Model Keystone API V2.0 I have tried to capture the authorization model of Keystone  for API version 2.0 which is no more the latest API version which encourage me to capture the authorization model(lets say it OS_AC_3.0) for API version 3.0 [1]. For naming this model, I deliberately avoided the term RBAC because,  OS_AC_3.0 model no longer confines itself within RBAC territory.

OpenStack Access Control Model for API V3.0

Fig 1 : OS_AC_3.0 Model: OpenStack Access Control Model for API V3.0

It is worth to mention OS_AC_3.0 with the authorization model of API version 2.0 (which I have called RBAC-OS-2.0  model) which was adopted from the minimum RBAC model. Interesting to see when RBAC-OS-2.0  model have only three policy configuration points (Configuration points are shown in fig1 which also applies to fig2 in the same way) whereas OS_AC_3.0 Model has seven configuration points which means there is more flexibility in policy configuration and policy maintenance in the newer model.

RBAC-OS model

Fig2: RBAC-OS-2.0 model

Before delving more into the comparison, we need to focus on the configuration points in OS_AC_3.0.

References:

[1] http://api.openstack.org/api-ref-identity.html#identity-v3

 

To be continued.

Categories: Access Control, keystone, openstack Tags: , ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

<span>%d</span> bloggers like this: