From 2e7b4f2027a1147ca28301e4f88adf8274b39a1f Mon Sep 17 00:00:00 2001
From: DUVAL Thomas
Date: Thu, 9 Jun 2016 09:11:50 +0200
Subject: Update Keystone core to Mitaka.
Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db
---
.../notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml
(limited to 'keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml')
diff --git a/keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml b/keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml
new file mode 100644
index 00000000..98306f3e
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - >
+ [`blueprint domain-specific-roles `_]
+ Roles can now be optionally defined as domain specific. Domain specific
+ roles are not referenced in policy files, rather they can be used to allow
+ a domain to build their own private inference rules with implied roles. A
+ domain specific role can be assigned to a domain or project within its
+ domain, and any subset of global roles it implies will appear in a token
+ scoped to the respective domain or project. The domain specific role
+ itself, however, will not appear in the token.
-- cgit 1.2.3-korg