Merge branch 'main' into feat/describe-mailinglists

Author: garloff

community/governance/index.md

@@ -0,0 +1,4 @@
+# Governance of the SCS Community
+
+The SCS Community is governed by the [SCS Project Board](/community/governance/project-board). The _Project Board_ is elected on a yearly basis.
+The governance of the community is described in the procedural standard [SCS-0005](https://docs.scs.community/standards/global/scs-0005).

community/governance/project-board.md

@@ -0,0 +1,17 @@
+# The SCS Project Board
+
+The governance of the community is described in the procedural standard [SCS-0005](https://docs.scs.community/standards/global/scs-0005).
+
+## Project Board Term 2025
+
+For the term 2025 the project board consists of:
+
+Spokesperson: Felix Kronlage-Dammers, @fkr
+
+| Name, Firstname         | Github Handle                                  | E-Mail                                                       | Remark                         |
+| ----------------------- | ---------------------------------------------- | ------------------------------------------------------------ |---------------------------------
+| Berendt, Christian      | [@berendt](https://github.com/berendt)         | [[email protected]](mailto:[email protected])              | Elected by Community           |
+| Feder, Matej            | [@matofeder](https://github.com/matofeder)     | [[email protected]](mailto:[email protected])| Elected by Community           |
+| Garloff, Kurt           | [@garloff](https://github.com/garloff)         | [[email protected]](mailto:[email protected])                      | Elected by Community           |
+| Kronlage-Dammers, Felix | [@fkr](https://github.com/fkr)                 | [[email protected]](mailto:[email protected])          | Represents Forum SCS-Standards |
+| Schoone, Jan            | [@jschoone](https://github.com/jschoone)       | [[email protected]](mailto:[email protected])  | Elected by Community           |

docs/05-iam/iaas-roles.md

@@ -0,0 +1,47 @@
+# IaaS Roles
+
+An SCS-compliant cloud offers the following roles on the Infrastructure as a Service (IaaS) layer:
+
+| Role | Scope | Description |
+|---|---|---|
+| reader | All OpenStack APIs | Role with read-only access within authentication scope. |
+| member | All OpenStack APIs | Role with read-write access within authentication scope. |
+| manager | Identity API | Role with self-service capabilites for the Identity API in domain scope. |
+| admin | All OpenStack APIs | Most privileged role, reserved for CSP personnel, to administer the OpenStack cloud |
+
+:::info Role Inheritance
+
+The OpenStack Identity API implements automatic role inheritance between admin, manager, member and reader roles where a role with higher privileges inherits all lesser roles automatically.
+
+This means:
+
+- `admin` inherits `manager`, `member` and `reader`
+- `manager` inherits `member` and `reader`
+- `member` inherits `reader`
+
+:::
+
+## Role Assignment
+
+### Scopes & Targets
+
+Roles can be assigned in different scopes and either to users or groups.
+This leads to the following role assignment matrix:
+
+| | User | Group |
+|---|---|---|
+| Project | single user, permissions in project | all users of group, permissions in project |
+| Domain | single user, permissions in domain | all users of group, permissions in domain |
+| System | single user, permissions in whole cloud | all users of group, permissions in whole cloud |
+
+(rows are the scopes and columns are the role assignment target entities)
+
+### Assignment Procedure
+
+Roles are assigned to users or groups by administrative personnel.
+In most cases, this is either:
+
+- a cloud operator with the admin role, belonging to the provider
+- a domain manager with the manager role in domain scope, belonging to the provider or a tenant
+
+A domain manager can only assign and revoke roles within their own domain and is restricted to a specific subset of available roles to prevent privilege escalation.

sidebarsCommunity.js

@@ -5,6 +5,17 @@ const sidebars = {
   community: [
     'index',
     'mission-statement',
+    {
+      type: 'category',
+      link: {
+        type: 'doc',
+        id: 'governance/index'
+      },
+      label: 'Governance',
+      items: [
+        'governance/project-board'
+      ]
+    },
     'license-considerations',
     {
       type: 'category',