<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Mon, Nov 11, 2013 at 4:28 AM, Flavio Percoco <span dir="ltr"><<a href="mailto:flavio@redhat.com" target="_blank">flavio@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 02/11/13 21:31 -0700, Tim Hinrichs wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi OpenStackers,<br>
<br>
We've been working on an open policy framework for OpenStack that we're calling Congress. We've been talking with OpenStack users and several of our partners to understand the kinds of rules and regulations they envision enforcing with a policy-based management framework. Across the board they are interested in policies that span networking, compute, storage, etc.<br>
<br>
The idea behind Congress is to have a single policy engine that integrates any collection of external authentication and data stores and allows cloud administrators to write policies over those data stores in a rich, declarative language. The policy engine can either enforce the policy proactively (i.e. preventing policy violations before they occur) or reactively (identifying violations after they occur and taking corrective action) or a combination (proactively when possible and reactively when not). The policy engine can also interact with the administrator, explaining the causes of violations, computing potential remediation plans, and simulating action executions to understand what violations those actions might cause.<br>
<br>
While the project is still in the early stages, we have identified a grammar for the policy language, implemented a policy engine, and written a proof of concept integration for ActiveDirectory. We would love to get participation and feedback.<br>
<br>
</blockquote>
<br></div>
Have you guys looked into oslo-incubator/policy.py ?<br>
<br>
What's wrong with the grammar used there?<br>
<br>
Have you guys considered starting your work from there?<br>
<br>
Although you're planning to create a policy service, it may make sense<br>
to be compliant with what OpenStack uses and maybe, you could maintain<br>
the whole policy library at some point.<br></blockquote><div><br></div><div>++ I'm excited to see some new effort in this space (and sad that I wasn't aware of this ahead of the summit), but surprised by the apparent lack of integration with the existing oslo.policy engine, centralized policy storage in keystone (/v3/policies), etc. There's no reason why you couldn't replace all that, but a comparison with the existing policy infrastructure to indicate the advantages provided by congress (without making me read the source!) would be help this gain some traction within community.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
FF<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
@flaper87<br>
Flavio Percoco</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
______________________________<u></u>_________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.<u></u>org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><br></div>-Dolph
</div></div>