<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>The other challenge of utilizing Keystone is which one to use. Fuel enables the deployment of multiple cloud environments from one UI; so when accessing the Fuel Master Node, it would be ambiguous which already deployed Keystone to contact for authentication. If/When Triple-O is utilized, one could perhaps see designating the Keystone of the undercloud; but that’s more a future requirement.</div><div><br></div><div>For now, I’d suggest an internal authentication in the immediate short term. External auth sources can be added in future milestones – most likely an LDAP source that’s outside the deployed clouds and designated by IT.</div><div><br></div><div>Thanks,</div><div><br></div><div><div>- David J. Easter</div><div> Director of Product Management, Mirantis</div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Jesse Pretorius <<a href="mailto:jesse.pretorius@gmail.com">jesse.pretorius@gmail.com</a>><br><span style="font-weight:bold">Reply-To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br><span style="font-weight:bold">Date: </span> Tuesday, May 27, 2014 at 7:43 AM<br><span style="font-weight:bold">To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [openstack-dev] [Fuel-dev] access-control-master-node<br></div><div><br></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 27 May 2014 13:42, Lukasz Oles <span dir="ltr"><<a href="mailto:loles@mirantis.com" target="_blank">loles@mirantis.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hello fuelers,</div><div><br></div><div>we(I and Kamil) would like start discussion about "Enforce access control for Fuel UI" blueprint <a href="https://blueprints.launchpad.net/fuel/+spec/access-control-master-node" target="_blank">https://blueprints.launchpad.net/fuel/+spec/access-control-master-node</a>.</div><div><br></div><div>First question to David, as he proposed this bp. Do you want to add more requirements?</div><div><br></div><div>To all. What do you think about using keystone as authorization tool? We described all pros/cons in the specification.</div></div></div></blockquote><div><br></div><div>I would suggest both an internal authentication database and the option of plugging additional options in, with keystone being one of them and perhaps something like oauth being another.</div><div><br></div><div>Keystone may not be available at the time of the build, or accessible from the network that's used for the initial build. </div></div></div></div>
_______________________________________________
OpenStack-dev mailing list
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</span></body></html>