Clouds have certain requirements when it comes to user and permission management: a hard separation of individual projects is necessary, and it must work reliably. In OpenStack, the built-in policy engine is responsible for defining and enforcing access levels. While things seem great at first glance, a closer look will soon bring a number of challenges to light.
This presentation gives a basic introduction to the OpenStack permission model and how policy enforcement works for the individual services. It will elaborate on a number of issues with the current implementation and show ways to address them. If you want to know why using the OpenStack default policy files may not be a good idea, this presentation is for you.
Martin Gerhard Loschwitz
Geek, Debian Developer, Cloud architect, journalist: Martin is a jack of many trades. He currently holds the position of Team Lead for OpenStack Development at SysEleven in Berlin. He has previously worked as a consultant on OpenStack Cloud architecture, Software Defined Storage (SDS), Software Defined Networking (SDN) and High Availability. In his free time, he writes articles for a number of IT magazines on Cloud computing and related topics.