Shadow users: work item to relax mapping requirements
This addresses an unaddressed comment from the original spec review. See Steve's item "6" on line 38: https://review.openstack.org/#/c/296123/1/specs/newton/shadow-users.rst Change-Id: Id5290c6982565803d82495a6707cb2991dc9ac46
This commit is contained in:
parent
9253062353
commit
a71e5b2518
|
@ -55,6 +55,11 @@ for the originally-proposed changes and additional detail.
|
||||||
no longer ephemeral, we can ignore the "ephemeral" vs "local" user type and
|
no longer ephemeral, we can ignore the "ephemeral" vs "local" user type and
|
||||||
treat all users equally.
|
treat all users equally.
|
||||||
|
|
||||||
|
#. **Relax the requirement for mappings to result in group memberships.** Now
|
||||||
|
that we're able to grant authorization to federated users using concrete
|
||||||
|
role assignments, we can drop the requirement for the mapping engine to
|
||||||
|
result in any authorization (via group membership) at all.
|
||||||
|
|
||||||
Alternatives
|
Alternatives
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue