Add keystone Ussuri cycle highlights

Change-Id: Ic900b5f9b9868c0a943141c6ce476552a9f9285d
2020-04-09 09:26:36 -07:00 · 2020-04-09 09:26:36 -07:00 · b8aece69b3
commit b8aece69b3
parent e3adf324b6
1 changed files with 19 additions and 0 deletions
--- a/deliverables/ussuri/keystone.yaml
+++ b/deliverables/ussuri/keystone.yaml
@ -5,3 +5,22 @@ team: keystone
 type: service
 repository-settings:
  openstack/keystone: {}
+cycle-highlights:
+  - The user experience for creating application credentials and trusts has
+    been greatly improved when using a federated authentication method.
+    Federated users whose role assignments come from mapped group membership
+    will have those group memberships persisted for a configurable TTL after
+    their token expires, during which time their application credentials will
+    remain valid.
+  - Keystone to Keystone assertions now contain the user's group memberships on
+    the keystone Identity Provider which can be mapped to group membership on
+    the keystone Service Provider.
+  - Federated users can now be given concrete role assignments without relying
+    on the mapping API by allowing federated users to be created directly in
+    keystone and linked to their Identity Provider.
+  - When bootstrapping a new keystone deployment, the admin role now defaults
+    to having the "immutable" option set, which prevents it from being
+    accidentally deleted or modified unless the "immutable" option is
+    deliberately removed.
+  - Keystonemiddleware no longer supports the Identity v2.0 API, which was
+    removed from keystone in previous release cycles.