openstack team mailing list archive

Re: Federated Identity Management (bursting and zones)


On Wed, Mar 30, 2011 at 12:44 PM, Sandy Walsh <sandy.walsh@xxxxxxxxxxxxx> wrote:
> This flow is saying "The AuthZ resource lives on your side of the fence and I'd like to access it", but to do so Alice needs to grant permission and that interaction seems confusing to me.

Ja wohl, I don't disagree that it could well be confusing. The classic
/ bog standard approaches to security very much often suck, pardon my
lingo, with respect to usability. And if we're stuck with whatever
system the users want to have themselves rather than being able to
impose something actually usable, there's probably not much room to

(But I'm a pessimist. :-)

I can think of a hack attempt to bandage over the usability
horribleness, but it is all just adding complexity and papering over
the underlying lameness. I.e. when the Parent realizes that it has to
offload to a Child, it could at least inform the user that it is doing
that, and that the incoming security request is (probably?) about

