From eb591c2c2dd192acdd46196871f9a4a038dabbb0 Mon Sep 17 00:00:00 2001
From: Marek Denis
Date: Tue, 1 Jul 2014 19:56:19 +0000
Subject: [PATCH] Revert "Trusted Attributes Policy for External Identity Providers"
This reverts commit d82be8f5637960295f5190adb286f0c62d176e9b.
Change-Id: I505373ce762314834991ac7329e8620a84ffe91f
---
 .../identity-api-v3-os-federation-ext.md | 160 +-----------------
 1 file changed, 5 insertions(+), 155 deletions(-)
diff --git a/v3/src/markdown/identity-api-v3-os-federation-ext.md b/v3/src/markdown/identity-api-v3-os-federation-ext.md
index 480a5339..5c023306 100644
--- a/v3/src/markdown/identity-api-v3-os-federation-ext.md
+++ b/v3/src/markdown/identity-api-v3-os-federation-ext.md
@@ -18,8 +18,6 @@ Definitions may not align 1:1 with the Identity API concepts. To help overcome such mismatches, a mapping can be done either on the sending side (third party identity provider), on the consuming side (Identity API service), or both.
-- *Trusted Attribute*: An attribute trusted to be issued by a Trusted Identity
- Provider.
 API Resources
 -------------
@@ -138,23 +136,6 @@ Required attributes:: expression](http://docs.python.org/2/library/re.html) search against the remote attribute `type`.
-### Trusted Attribute: `/OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
-
-A trusted attributes policy defines which attributes an Identity provider is
-trusted to issue. When a policy is created for a Identity provider, the
-attributes received in assertions from this provider are automatically filtered.
-In order to maintain backwards compatibility, all attributes are accepted from
-this provider if no policy is defined. If the policy is empty, no attributes are
-accepted.
-
-Attributes:
-
- - `attributes` (list)
-
- A list of trusted attributes. Each attribute is specified as a
- type and an optional set of values. A list of zero values denotes that
- any value should be accepted.
-
 Identity Provider API
 ---------------------
@@ -180,8 +161,7 @@ Response:
 "id": "ACME",
 "links": {
 "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
- "trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
+ "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
 }
 }
 }
@@ -200,8 +180,7 @@ Response:
 "id": "ACME",
 "links": {
 "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
- "trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
+ "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
 }
 },
 {
@@ -210,8 +189,7 @@ Response:
 "id": "ACME-contractors",
 "links": {
 "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors",
- "trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
+ "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors"
 }
 }
 ],
@@ -235,8 +213,7 @@ Response:
 "id": "ACME",
 "links": {
 "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
- "trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
+ "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
 }
 }
 }
@@ -271,8 +248,7 @@ Response:
 "id": "ACME",
 "links": {
 "protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
- "trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
+ "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
 }
 }
 }
@@ -584,132 +560,6 @@ Response:
 Status: 204 No Content
-Trusted Attribute API
----------------------
-
-### Get an Identity Provider's set of trusted attributes: `GET /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
-
-Response:
-
- Status: 200 OK
-
- {
- "trusted_attributes": [
- {
- "type": "email",
- "values": []
- },
- {
- "type": "orgPersonType",
- "values": ["staff", "contractor", "guest"]
- },
- {
- "type": "uid",
- "values": []
- }
- ],
- "links": {
- "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6/trusted_attributes"
- }
- }
-
-### Create an Identity Provider's Trusted Attributes Policy: `PUT /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
-
-Request:
- {
- "trusted_attributes": [
- {
- "type": "email",
- "values": []
- },
- {
- "type": "orgPersonType",
- "values": ["staff", "contractor", "guest"]
- },
- {
- "type": "uid",
- "values": []
- }
- ]
- }
-
-Response:
-
- Status: 201 Created
-
- {
- "trusted_attributes": [
- {
- "type": "email",
- "values": []
- },
- {
- "type": "orgPersonType",
- "values": ["staff", "contractor", "guest"]
- },
- {
- "type": "uid",
- "values": []
- }
- ],
- "links": {
- "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6/trusted_attributes"
- }
- }
-
-### Update an Identity Provider's Trusted Attributes Policy: `PATCH /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
-
-Request:
- {
- "trusted_attributes": [
- {
- "type": "email",
- "values": []
- },
- {
- "type": "orgPersonType",
- "values": ["contractor", "guest"]
- },
- {
- "type": "uid",
- "values": []
- }
- ]
- }
-
-Response:
-
- Status: 200 OK
-
- {
- "trusted_attributes": [
- {
- "type": "email",
- "values": []
- },
- {
- "type": "orgPersonType",
- "values": ["contractor", "guest"]
- },
- {
- "type": "uid",
- "values": []
- }
- ],
- "links": {
- "identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6",
- "self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6/trusted_attributes"
- }
- }
-
-### Delete a trusted attributes policy for an Identity provider: `DELETE /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
-
-Response:
-
- Status: 204 Deleted
-
 Listing projects and domains
 ----------------------------