← Back to team overview

openstack team mailing list archive

Re: Federated Identity Management (bursting and zones)


> From: Vishvananda Ishaya [vishvananda@xxxxxxxxx]
> I don't see how one would give access to an entire organization at once.  

We don't need to. When a user auths into the SP world we get a set of permissions for that user from MyCo. If everyone in MyCo auth'ed against the SP they would all have the same permissions on a set of instances. 

In other words, the Subject is implied by receiving the auth token and permissions are relative to that.


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.