Features/VirtAuthorization

= VirtuAuthorization =

Summary
Configuration of fine grained authorization for remote virtual machine management services.

Owner

 * Name: Daniel Berrange
 * email: berrange@fedoraproject.org

Current status

 * Targeted release: 13
 * Last updated: 2009-07-15
 * Percentage of completion: 0%

Detailed Description
Previous Fedora releases have added encryption and authentication support to the libvirt daemon/client and VNC server/client asssociated with Xen and KVM. Any user who authenticates successfully will have access to all the capabilities. This feature is intended to allow configuration of authorization information, to allow users to be restricted in what capabilities they can use.

Benefit to Fedora
More flexible deployment of virtual machine services and the ability to delegate administrative tasks to users without giving full access to management capabilities.

Scope
This work will mostly take place in libvirt.

The libvirtd daemon already has simple whitelists for authorizing users of the libvirt RPC service. It is an all or nothing capability though. In addition it needs to be possible to authorization individual users to use individual VNC servers.

How To Test
TBD

User Experience
TDB

Dependencies
The impact should be contained to the libvirt package

Contingency Plan
Maintain current level of functionality. No backup plan required

Documentation
TBD

Release Notes
TBD

Comments and Discussion

 * See Talk:Features/YourFeatureName