[openstack-dev] [keystone][nova] Re: Hierarchicical Multitenancy Discussion
Gabriel Hurley
Gabriel.Hurley at nebula.com
Tue Feb 4 21:46:55 UTC 2014
> Yes this is one approach if keystone really wants to extend domains to work
> this way, but I think this is more complex than just using nested projects.
> Having domains contain domains containing projects is less intuitive than
> projects all the way down.
It's worth mentioning that at the meeting last Friday where all this was discussed it was pointed out that currently there are very few functional differences between projects and domains (user namespacing being the main one right now), so aside from a philosophical exercise it doesn't seem like it matters whether you extend domains or projects to be hierarchical. It accomplishes the exact same thing.
Personally I favor projects being hierarchical, but maybe that's just because they've been around longer, although domains might tie better into a story around federated clouds, etc...
All the best,
- Gabriel
More information about the OpenStack-dev
mailing list