2017.11.30 LCOO Topical - Role Based Access Controls (RBAC)

Owned by Jamey McCabe
Last updated: Jan 25, 2018 by Andrew Ukasick
2 min read

Date

at UTC 1300: | See it in your timezone and add to your calendar: http://bit.ly/2jAL2UO


Please join LCOO Topical meetings in 3 ways:

  1. Here in Atlassian Wiki for the formal agenda and notes and action items - add ahead of time and during the meeting
  2. For audio and video interaction: Webex: Join WebEx meeting | Meeting number (access code): 257 224 076
    Join by phone: +1-866-662-9987 US Toll Free | Global call-in numbers:
    Can't join the meeting? 
  3. IRC: for those who cannot join via audio or prefer interactive english text/ability to translate we also use IRC.  It is scheduled to the #openstack-uc channel at this time. 

Attendees (please sign in)

Also please add your names and info here if you have not already done so: /wiki/spaces/LCOO/pages/16621272

Goals

Discussion items

TimingItemWhoNotes
10 minGreet and begin sharing and communicating in all channels (here, conference bridge, IRC)

20 minAttendees (hopefully at least 1 from each member company) introduce themselves and their interest/challenges

NTT: We had two major requirements in regards to RBAC

  1. Restrict users to access in-mature APIs (API parameters). We wanted to allow only well-tested APIs since maturity of API was not the same even within one project.
    1. we used reverse proxy (mod-proxy, etc) to filter API request (for public endpoint)
  2. Hierarchical Admin roles (mid-level admins and high-level admins whose area of management is different. i.e. high-level can access to all tenant resources but mid-level can only access to limited tenants)
    1. we tried to use "domains" and os-inherit feature to do some part of this but the configuration became too complicated and did not scale.
30 minDiscussion topic/presentation #1Orange

Presentation of External Policy Decision Point and Moon.

LCOO_Orange_IAM_Clouds-v2.pptx

to view: https://coopnet.multimedia-conference.orange-business.com/Login/ParticipantLogin.aspx?id=12413772&key=%3f%3fq%3fx%3fFQ%3fF%3f%5e%3fS%3f%3f&a=participate

30 min


Discussion topic/presentation #2AT&T

Role Based Access Control Challenges & Solutions

Role-Based Access Control Challenges Solutions Draft v4.pdf

30 minOpen Discussion/Next Steps

We can put proposed next steps here.  This could include subsequent sessions or checkpoints in which we bring others in.


Action items

    •