openstack team mailing list archive
Mailing list archive
Re: Federated Identity Management (bursting and zones)
From: Jon Slenk [jslenk@xxxxxxxxxxxx]
> I think that if the system used capabilities/ZBAC then there would be
no such weird prompting.
I see your point, but I'm assuming AuthZ has to be federated as well. We don't know about Alice, she lives in her private cloud. We have to ask her AuthZ system if she can boot a new instance.
This flow is saying "The AuthZ resource lives on your side of the fence and I'd like to access it", but to do so Alice needs to grant permission and that interaction seems confusing to me.
PS> appreciate the feedback!
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.