3. Keystone
Role-based Access Control (RBAC)
• More granular policies
• Can be based on aspects of the request such
as API request parameters
"identity:delete_user": [["role:admin",
"domain_id:%(target.user.domain_id)s"]]
37
7. Keystone
Remote handling of authentication through
REMOTE_USER
• Sent by the web server as an environment
variable
• Can be disabled (remove "external" from plug-ins
list)
41