2017.11.30 LCOO Topical - Role Based Access Controls (RBAC)

Date

30 Nov 2017 at UTC 1300: | See it in your timezone and add to your calendar: http://bit.ly/2jAL2UO

Please join LCOO Topical meetings in 3 ways:

Here in Atlassian Wiki for the formal agenda and notes and action items - add ahead of time and during the meeting
For audio and video interaction: Webex: Join WebEx meeting | Meeting number (access code): 257 224 076
Join by phone: +1-866-662-9987 US Toll Free | Global call-in numbers:
Can't join the meeting?
IRC: for those who cannot join via audio or prefer interactive english text/ability to translate we also use IRC. It is scheduled to the #openstack-uc channel at this time.

Attendees (please sign in)

Jamey McCabe (AT&T)
Marc Bailly (Orange)
Andrew Ukasick (AT&T)
david alles (Orange)
Ruan He (Orange)
Jill Sales (AT&T)
Shintaro Mizuno (NTT)
Matt McEuen (AT&T)
Paul Carver (AT&T)
Tin Lam (AT&T)
Gage Hugo (AT&T)
Samuel Pilla (AT&T)
Sandy Baker (AT&T)
Michael A. Weinstein (AT&T)
Jaewoo Park (AT&T)
Julie Ferranti Fitzpatrick (AT&T)

Also please add your names and info here if you have not already done so: /wiki/spaces/LCOO/pages/16621272

Goals

Discussion items

Timing	Item	Who	Notes
10 min	Greet and begin sharing and communicating in all channels (here, conference bridge, IRC)
20 min	Attendees (hopefully at least 1 from each member company) introduce themselves and their interest/challenges		NTT: We had two major requirements in regards to RBAC Restrict users to access in-mature APIs (API parameters). We wanted to allow only well-tested APIs since maturity of API was not the same even within one project. we used reverse proxy (mod-proxy, etc) to filter API request (for public endpoint) Hierarchical Admin roles (mid-level admins and high-level admins whose area of management is different. i.e. high-level can access to all tenant resources but mid-level can only access to limited tenants) we tried to use "domains" and os-inherit feature to do some part of this but the configuration became too complicated and did not scale.
30 min	Discussion topic/presentation #1	Orange	Presentation of External Policy Decision Point and Moon. LCOO_Orange_IAM_Clouds-v2.pptx to view: https://coopnet.multimedia-conference.orange-business.com/Login/ParticipantLogin.aspx?id=12413772&key=%3f%3fq%3fx%3fFQ%3fF%3f%5e%3fS%3f%3f&a=participate
30 min	Discussion topic/presentation #2	AT&T	Role Based Access Control Challenges & Solutions Role-Based Access Control Challenges Solutions Draft v4.pdf
30 min	Open Discussion/Next Steps		We can put proposed next steps here. This could include subsequent sessions or checkpoints in which we bring others in. Lets agree to a common understanding of the external PDP - dynamically allocate policies. Matt McEuen - Introduce others, notably Rodolfo Pacheco about Moon david alles Investigate Ranger project functionality to spread across the multiple sites. https://github.com/openstack/ranger Proposed a common reference architecture - potentially illustrating where Moon, Ranger and possibly other's fit together. A development effort we can all support together: https://bugs.launchpad.net/keystone/+bug/968696 AT&T and Orange determine desired schedule for a subsequent session on the PDP (policy decision point) topic, Jamey McCabeand Marc Bailly before 12/14 LCOO Coordinators session. All - update Topical Sessions brainstorming pad - for future sessions. LCOO Topical Session Proposals

Date

Attendees (please sign in)

Goals

Discussion items

Action items