Use keystone as RBAC service

asked 2017-07-04 20:59:18 -0500

richiewu gravatar image

I want to implement keystone like this:

Use AD as backend ldap server for keystone and implement keystone as authorization server,

Also I'll build some node js web applications call keystone RBAC service API and return whether has privileges, each application can configure individual project policy.

And one user can belong to multi roles, when I call keystone API, should I input all roles to verify permissions?

Is this a good practice or not? I'm not sure if it's suitable for nodejs web app.

edit retag flag offensive close merge delete