<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 08/15/2015 01:15 PM, Michael
Krotscheck wrote:<br>
</div>
<blockquote
cite="mid:CABM65atCHLFYvASY8Ud83+9fYroTwSjFtii5nFd+wr+ZacdfGg@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_quote">
<div dir="ltr">On Fri, Aug 14, 2015 at 2:26 PM Adam Young <<a
moz-do-not-send="true" href="mailto:ayoung@redhat.com"><a class="moz-txt-link-abbreviated" href="mailto:ayoung@redhat.com">ayoung@redhat.com</a></a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">On
08/14/2015 12:43 PM, Michael Krotscheck wrote:<br>
> 1- Do users want to page through search results?<br>
Does not matter: in Federation, the User list is not
available.<br>
</blockquote>
<div><br>
</div>
<div>Let's back up here for a sec: A user wants to page a list
of data. This is something horizon needs, traditionally
relying on keystone, and now keystone has broken backwards
compatibility for horizon because of one use case, without
taking responsibility for it and providing (with code) a
good alternative. Furthermore, you and your team are saying
"You should go use a different service that's better at
this", which is basically saying "We live in this silo, we
don't have to care about other silo's".<br>
</div>
</div>
</div>
</blockquote>
<br>
NO. What we are saying is you are asking for infromation in a away
that the technoliogies that OpenStack is pulling together cannot
support.<br>
<br>
<blockquote
cite="mid:CABM65atCHLFYvASY8Ud83+9fYroTwSjFtii5nFd+wr+ZacdfGg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<div>You broke backwards compatibility. It's your
responsibility to address it.</div>
</div>
</div>
</blockquote>
<br>
No. The world moved on.<br>
<br>
<br>
Keystone pagination in SQL is trivial. It is also useless.<br>
<br>
LDAP does not support paging. The majority of the deployments us
LDAP for the back end.<br>
<br>
In as SAML/OpenID deployment there is no way to list users.<br>
<br>
<br>
<br>
<blockquote
cite="mid:CABM65atCHLFYvASY8Ud83+9fYroTwSjFtii5nFd+wr+ZacdfGg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<div>The other argument I'm hearing here is that keystone is
responsible for authentication and authorization, but not
user management. I actually agree with this, but nobody's
started a user management service and/or its delegation
plugins, so now we have a rather large hole in horizon's
features, late in a release cycle, and nobody has the
resources to address it. What do you propose to do about it?</div>
</div>
</div>
</blockquote>
<br>
We don't maintain MySQL, either. Use an external tool for user
management. There are numerous, and OpenStack can integrate with
them via LDAP or SAML. Other technologies coming soon, too.<br>
<br>
<blockquote
cite="mid:CABM65atCHLFYvASY8Ud83+9fYroTwSjFtii5nFd+wr+ZacdfGg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div><br>
</div>
<div>Michael</div>
<div>
<div><br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>