openstack team mailing list archive

Re: Federated Identity Management (bursting and zones)

 

I was thinking of having an OAuth implementation for authorization/delegation
in an external identity management solution, option 2 :). The IdM solution
can be extensible to support other Identity Federation protocols as well,
such as SAML.

Khaled

On Mon, Mar 28, 2011 at 11:17 AM, Jay Pipes <jaypipes@xxxxxxxxx> wrote:

> On Mon, Mar 28, 2011 at 10:15 AM, Sandy Walsh <sandy.walsh@xxxxxxxxxxxxx> wrote:
> > Currently, we link Nova deployments (aka Zones) with a single admin account.
> > All operations done in the child zone are done with this admin account.
> > Obviously this needs to change. A simple operation such as "get_all_servers"
> > should only return the servers that User X owns. In the current
> > implementation, all the servers the admin account can see will be returned.
> > We need some form of federated identity management. User accounts must be
> > shared between homogeneous and heterogeneous deployments. i.e. all private,
> > all public or public/private (aka Hybrid) via Bursting.
> > There are some possibilities here:
> > 1. Replicate User accounts across zones. A user account would map to N child
> > zone accounts ... one for each child zone. These "placeholder" accounts are
> > hidden from the user and synchronized when the parent changes.
> > 2. Rely on an external/shared user management service. Let the Auth/RBAC
> > system sort out visibility, control, etc. This system would need to be
> > publicly available to both groups in the hybrid scenario.
> > 3. Continue with the admin account and filter access control/visibility in
> > the parent zone.
> > ... and I'm sure there are others.
>
> 4. Use OAuth?
>
> -jay
