← Back to team overview

openstack team mailing list archive

Re: Federated Identity Management (bursting and zones)


Myself and Eric were chatting a little more about this on IRC yesterday http://paste.openstack.org/show/1108/

Eric made an interesting observation that we don't need to call them Resource Groups, since they're just collections of UUID's (or URI's or URN's or whatever). They could refer to Users, other Resource Groups, Instances, Projects, whatever. 

So, starting off, new Resources are created with the User ID as the owner. Later, when MyCo.authz passes the permission tuples to SP, they could include the UUID of the user. If the instance needed to be controlled by a group of people, the owner of the resource could be changed to be a User Group.

This implies, of course, that there would be a means to chgrp() a resource in Nova across Zones. Not a big deal and pretty handy actually.

Eric suggested calling them Entity Groups vs Resource Groups. (aside: I find Entity is a pretty overloaded term ... perhaps Security Groups?)

Seems reasonable to me? If people agree, I'll update the wiki to reflect the changes.


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.

Follow ups