Revert "Trusted Attributes Policy for External Identity Providers"

This reverts commit d82be8f5637960295f5190adb286f0c62d176e9b.

Change-Id: I505373ce762314834991ac7329e8620a84ffe91f
Marek Denis 2014-07-01 19:56:19 +00:00
parent d82be8f563
commit eb591c2c2d

@ -18,8 +18,6 @@ Definitions
may not align 1:1 with the Identity API concepts. To help overcome such
mismatches, a mapping can be done either on the sending side (third party
identity provider), on the consuming side (Identity API service), or both.
- *Trusted Attribute*: An attribute trusted to be issued by a Trusted Identity
Provider.
API Resources
-------------
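Review bot: The commit message gives only the reverted hash and no reason, and this hunk is where the *Trusted Attribute* term leaves the Definitions list. Add a sentence to the message saying why the policy is being withdrawn and whether a replacement is planned, so that someone reading the spec history can tell whether the concept was rejected or only postponed.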
@ -138,23 +136,6 @@ Required attributes::
expression](http://docs.python.org/2/library/re.html) search against the
remote attribute `type`.
### Trusted Attribute: `/OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
A trusted attributes policy defines which attributes an Identity provider is
trusted to issue. When a policy is created for a Identity provider, the
attributes received in assertions from this provider are automatically filtered.
In order to maintain backwards compatibility, all attributes are accepted from
this provider if no policy is defined. If the policy is empty, no attributes are
accepted.
Attributes:
- `attributes` (list)
A list of trusted attributes. Each attribute is specified as a
type and an optional set of values. A list of zero values denotes that
any value should be accepted.
Identity Provider API
---------------------
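Review bot: The removed resource description gives a missing policy and an empty policy opposite outcomes ("all attributes are accepted ... if no policy is defined" versus "If the policy is empty, no attributes are accepted"), so the default is fail-open and the two states are easy to confuse. If this section is proposed again, it should say how a client distinguishes "no policy" from "empty policy" and justify the accept-all default explicitly. The wording "a Identity provider" should also become "an Identity Provider" to match the rest of the document.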
@ -180,8 +161,7 @@ Response:
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
@ -200,8 +180,7 @@ Response:
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
},
{
@ -210,8 +189,7 @@ Response:
"id": "ACME-contractors",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors",
"trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME-contractors"
}
}
],
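Review bot: In the `ACME-contractors` entry, the `trusted_attributes` link being dropped points at `.../identity_providers/ACME/trusted_attributes`, not at `ACME-contractors`, so the reverted example was a copy-paste error. The revert removes it, but any re-proposal of the feature should build this link from the entry's own `id`, as the `protocols` and `self` links in the same object do.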
@ -235,8 +213,7 @@ Response:
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
@ -271,8 +248,7 @@ Response:
"id": "ACME",
"links": {
"protocols": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/protocols",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME",
"trusted_attributes": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME/trusted_attributes"
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
@ -584,132 +560,6 @@ Response:
Status: 204 No Content
Trusted Attribute API
---------------------
### Get an Identity Provider's set of trusted attributes: `GET /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
Response:
Status: 200 OK
{
"trusted_attributes": [
{
"type": "email",
"values": []
},
{
"type": "orgPersonType",
"values": ["staff", "contractor", "guest"]
},
{
"type": "uid",
"values": []
}
],
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6/trusted_attributes"
}
}
### Create an Identity Provider's Trusted Attributes Policy: `PUT /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
Request:
{
"trusted_attributes": [
{
"type": "email",
"values": []
},
{
"type": "orgPersonType",
"values": ["staff", "contractor", "guest"]
},
{
"type": "uid",
"values": []
}
]
}
Response:
Status: 201 Created
{
"trusted_attributes": [
{
"type": "email",
"values": []
},
{
"type": "orgPersonType",
"values": ["staff", "contractor", "guest"]
},
{
"type": "uid",
"values": []
}
],
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6/trusted_attributes"
}
}
### Update an Identity Provider's Trusted Attributes Policy: `PATCH /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
Request:
{
"trusted_attributes": [
{
"type": "email",
"values": []
},
{
"type": "orgPersonType",
"values": ["contractor", "guest"]
},
{
"type": "uid",
"values": []
}
]
}
Response:
Status: 200 OK
{
"trusted_attributes": [
{
"type": "email",
"values": []
},
{
"type": "orgPersonType",
"values": ["contractor", "guest"]
},
{
"type": "uid",
"values": []
}
],
"links": {
"identity_provider": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6",
"self": "http://identity:35357/v3/OS-FEDERATION/identity_providers/7e23a6/trusted_attributes"
}
}
### Delete a trusted attributes policy for an Identity provider: `DELETE /OS-FEDERATION/identity_providers/{idp_id}/trusted_attributes`
Response:
Status: 204 Deleted
Listing projects and domains
----------------------------
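Review bot: In the removed DELETE section, the response reads `Status: 204 Deleted`, while the context line at the top of this hunk uses `Status: 204 No Content`; a re-proposal should use the standard reason phrase consistently. The PATCH example also sends the complete `trusted_attributes` list with only the `orgPersonType` values changed, so the text never says whether PATCH merges with or replaces the stored policy. None of the four operations documents the response when `{idp_id}` has no policy, which matters given that an absent policy and an empty one are defined to behave differently.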