openstack team mailing list archive

Thread
Date

Re: Identity API v3 - Why allow multi-tenant users?

To: Caitlin Bestler <Caitlin.Bestler@xxxxxxxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Tim Bell <Tim.Bell@xxxxxxx>
Date: Tue, 29 May 2012 18:28:43 +0000
Accept-language: en-GB, en-US
In-reply-to: <719CD19D2B2BFA4CB1B3F00D2A8CDCD04EAE3F1E@AUSP01DAG0106.collaborationhost.net>
Keywords: CERN SpamKiller Note: -50
Thread-index: Ac09vp/w2931++7URvaQiIwK+nDrYQACcQlQ
Thread-topic: Identity API v3 - Why allow multi-tenant users?

 

In the research environment, we have frequent cases where a user is
associated with multiple tenants. For example, when you are finishing work
on a previous project but are mainly working on the new one.

 

As we move towards domain/tenant/user, we need to ensure that the tools
support multi-tenant per user. Correct accounting is critical.

 

This does require extra code but it is relevant given the use cases.

 

Tim Bell

CERN

 

From: openstack-bounces+tim.bell=cern.ch@xxxxxxxxxxxxxxxxxxx
[mailto:openstack-bounces+tim.bell=cern.ch@xxxxxxxxxxxxxxxxxxx] On Behalf Of
Caitlin Bestler
Sent: 29 May 2012 19:18
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: [Openstack] Identity API v3 - Why allow multi-tenant users?

 

One of the major complication I see in the API is that users can be
associated with multiple tenants.

 

What is the benefit of this? What functionality would be lost if a human
user merely had to use a different account with each tenant?

 

There are numerous issues with multi-tenant users. For example, if a user is
associated with multiple tenants, who resets the user's password?

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Follow ups

Re: Identity API v3 - Why allow multi-tenant users?
From: Caitlin Bestler, 2012-05-29

References

Identity API v3 - Why allow multi-tenant users?
From: Caitlin Bestler, 2012-05-29