<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13.63636302947998px;font-weight:bold;white-space:nowrap">Frittoli,</span><br><div><span style="font-family:arial,sans-serif;font-size:13.63636302947998px;font-weight:bold;white-space:nowrap"><br>
</span></div><div><font face="arial, sans-serif"><span style="white-space:nowrap">I think for other services we could achieve that by  modifying  the policy.json( add domain admin role and control what the cloud admin can do ) so that domain admin user is able to manage resources belong to</span></font></div>
<div><font face="arial, sans-serif"><span style="white-space:nowrap">users and projects in that domain. </span></font></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-05-09 15:24 GMT+08:00 Frittoli, Andrea (HP Cloud) <span dir="ltr"><<a href="mailto:frittoli@hp.com" target="_blank">frittoli@hp.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="white" lang="EN-GB" link="blue" vlink="purple"><div><p class="MsoNormal" style="margin-left:36.0pt"><b><span lang="EN-US" style="color:windowtext">From:</span></b><span lang="EN-US" style="color:windowtext"> Adam Young [mailto:<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>] <br>
<b>Sent:</b> 09 May 2014 04:19<br><b>To:</b> <a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a><br><b>Subject:</b> Re: [openstack-dev] Hierarchical administrative boundary [keystone]<u></u><u></u></span></p>
<div><div class="h5"><p class="MsoNormal" style="margin-left:36.0pt"><u></u> <u></u></p><div><p class="MsoNormal" style="margin-left:36.0pt">On 05/08/2014 07:55 PM, Tiwari, Arvind wrote:<span style="font-size:12.0pt"><u></u><u></u></span></p>
</div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt"><p class="MsoNormal" style="margin-left:36.0pt">Hi All,<u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt"> <u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt">
Below is my proposal to address VPC use case using hierarchical administrative boundary. This topic is scheduled in <a href="http://junodesignsummit.sched.org/event/20465cd62e9054d4043dda156da5070e#.U2wYXXKLR_9" target="_blank">Hierarchical Multitenancy</a> session of Atlanta design summit.<u></u><u></u></p>
<p class="MsoNormal" style="margin-left:36.0pt"> <u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt"><a href="https://wiki.openstack.org/wiki/Hierarchical_administrative_boundary" target="_blank">https://wiki.openstack.org/wiki/Hierarchical_administrative_boundary</a><u></u><u></u></p>
<p class="MsoNormal" style="margin-left:36.0pt"> <u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt">Please take a look.<u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt"> <u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt">
Thanks,<u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt">Arvind<u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt"> <u></u><u></u></p><p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:12.0pt;font-family:"Times New Roman","serif""><br>
<br><br><u></u><u></u></span></p><pre style="margin-left:36.0pt">_______________________________________________<u></u><u></u></pre><pre style="margin-left:36.0pt">OpenStack-dev mailing list<u></u><u></u></pre><pre style="margin-left:36.0pt">
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><u></u><u></u></pre><pre style="margin-left:36.0pt"><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><u></u><u></u></pre>
</blockquote><p class="MsoNormal" style="margin-left:36.0pt"><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">Looks very good.  One question:  Why hierarchical domains and not Projects.  I'm not disagreeing, mind you, just that I think the Nova team is going for hierarchical Projects. <u></u><u></u></span></p>
<p class="MsoNormal"><b><i><span style="color:#1f497d"><u></u> <u></u></span></i></b></p></div></div><div class="MsoNormal" align="center" style="text-align:center"><b><i><span style="color:#1f497d"><hr size="2" width="100%" align="center">
</span></i></b></div><p class="MsoNormal"><span style="color:#1f497d">Looks good, thank you!<u></u><u></u></span></p><p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="color:#1f497d">But for this to be even more interesting nova (and other services) should be domain aware – e.g. so that a domain admin could have control on all resources which belong to users and projects in that domain.<span class="HOEnZb"><font color="#888888"><u></u><u></u></font></span></span></p>
<span class="HOEnZb"><font color="#888888"><p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="color:#1f497d">andrea<u></u><u></u></span></p><p class="MsoNormal"><b><i><span style="color:#1f497d"><u></u> <u></u></span></i></b></p>
</font></span></div></div><br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div style="color:rgb(0,0,0);font-family:arial;font-size:small">Tang Yaguang</div><div style="color:rgb(0,0,0);font-family:arial;font-size:small">
<br></div><div style="color:rgb(0,0,0);font-family:arial;font-size:small">Canonical Ltd. | <a href="http://www.ubuntu.com/" target="_blank">www.ubuntu.com</a> | <a href="http://www.canonical.com/" target="_blank">www.canonical.com</a></div>
<div style="color:rgb(0,0,0);font-family:arial;font-size:small">Mobile:  +86 152 1094 6968</div><div style="color:rgb(0,0,0);font-family:arial;font-size:small">gpg key: 0x187F664F</div><div style="color:rgb(0,0,0);font-family:arial;font-size:small">
 </div></div>
</div>