<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 03/25/2016 08:43 AM,
<a class="moz-txt-link-abbreviated" href="mailto:nidhi.hada@wipro.com">nidhi.hada@wipro.com</a> wrote:<br>
</div>
<blockquote
cite="mid:SIXPR0301MB13382B84A9411E391EF2A40B86830@SIXPR0301MB1338.apcprd03.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Hi All,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">A gentle
reminder..<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Could you
please share your thoughts on the approach proposed here ..<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><a
moz-do-not-send="true"
href="https://etherpad.openstack.org/p/access_group_nidhimittalhada"><a class="moz-txt-link-freetext" href="https://etherpad.openstack.org/p/access_group_nidhimittalhada">https://etherpad.openstack.org/p/access_group_nidhimittalhada</a></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Nidhi<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Nidhi Mittal Hada (Product
Engineering Service)
<br>
<b>Sent:</b> Wednesday, March 09, 2016 2:22 PM<br>
<b>To:</b> 'OpenStack Development Mailing List (not for
usage questions)'
<a class="moz-txt-link-rfc2396E" href="mailto:openstack-dev@lists.openstack.org"><openstack-dev@lists.openstack.org></a><br>
<b>Cc:</b> '<a class="moz-txt-link-abbreviated" href="mailto:bswartz@netapp.com">bswartz@netapp.com</a>'
<a class="moz-txt-link-rfc2396E" href="mailto:bswartz@netapp.com"><bswartz@netapp.com></a>; 'Ben Swartzlander'
<a class="moz-txt-link-rfc2396E" href="mailto:ben@swartzlander.org"><ben@swartzlander.org></a><br>
<b>Subject:</b> RE: [OpenStack-Dev][Manila] BP
<a class="moz-txt-link-freetext" href="https://blueprints.launchpad.net/manila/+spec/access-groups">https://blueprints.launchpad.net/manila/+spec/access-groups</a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi All,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This is just a gentle reminder to the
previous mail .. <o:p>
</o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">PFA is revised doc.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Same is pasted here also.<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><a
moz-do-not-send="true"
href="https://etherpad.openstack.org/p/access_group_nidhimittalhada"><a class="moz-txt-link-freetext" href="https://etherpad.openstack.org/p/access_group_nidhimittalhada">https://etherpad.openstack.org/p/access_group_nidhimittalhada</a></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kindly share
your thoughts on this..<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Nidhi</span></p>
</div>
</blockquote>
<br>
Nidhi,<br>
<br>
<br>
It seems like this is the resource level access control that people
have been asking for in many projects. A few thoughts:<br>
<br>
Deny rules are tricky. I would prefer an access control approach
that denied all by default, and then only allowed explicit adds.<br>
<br>
<br>
The idea of access groups is much like the roles we have in
Keystone. With domain specific roles, we have the potential to do
some of this, but at a courser level. I wonder if we could unify
the approach, such that the roles are managed in Keystone, and then
could apply to things other than items in Manila?<br>
<br>
In general, I do not like to have individual users in access lists,
especially when they might be the only person that can clean up a
resource, and then they leave. That means things fall back on
"Admin". Ideally, all access would be controlled via groups
membership.<br>
<br>
<br>
What you are writing is really similar to the oslo-policy
enforcement rules. Are you planning on using Oslo to enforce?<br>
<br>
Sorry for jumping in to the middle here, but you did ask for
feedback!<br>
<br>
<blockquote
cite="mid:SIXPR0301MB13382B84A9411E391EF2A40B86830@SIXPR0301MB1338.apcprd03.prod.outlook.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Nidhi Mittal Hada (Product
Engineering Service)
<br>
<b>Sent:</b> Friday, February 26, 2016 3:22 PM<br>
<b>To:</b> 'OpenStack Development Mailing List (not for
usage questions)' <<a moz-do-not-send="true"
href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<b>Cc:</b> '<a class="moz-txt-link-abbreviated" href="mailto:bswartz@netapp.com">bswartz@netapp.com</a>' <<a
moz-do-not-send="true" href="mailto:bswartz@netapp.com"><a class="moz-txt-link-abbreviated" href="mailto:bswartz@netapp.com">bswartz@netapp.com</a></a>>;
'Ben Swartzlander' <<a moz-do-not-send="true"
href="mailto:ben@swartzlander.org">ben@swartzlander.org</a>><br>
<b>Subject:</b> [OpenStack-Dev][Manila] BP <a
moz-do-not-send="true"
href="https://blueprints.launchpad.net/manila/+spec/access-groups">
<a class="moz-txt-link-freetext" href="https://blueprints.launchpad.net/manila/+spec/access-groups">https://blueprints.launchpad.net/manila/+spec/access-groups</a></a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi Manila Team,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am working on<o:p></o:p></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="https://blueprints.launchpad.net/manila/+spec/access-groups">https://blueprints.launchpad.net/manila/+spec/access-groups</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">For this I have created initial document as
attached with the mail.<o:p></o:p></p>
<p class="MsoNormal">It contains DB CLI REST API related
changes.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Could you please have a look and share your
opinion.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kindly let me know, if there is some
understanding gap, <o:p>
</o:p></p>
<p class="MsoNormal">or something I have missed to document or <o:p></o:p></p>
<p class="MsoNormal">share your comments in general to make it
better.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Thank
you.<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Nidhi
Mittal Hada<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Architect
| PES / COE</span></b><span
style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333">
–
<b>Kolkata India<o:p></o:p></b></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Wipro
Limited</span></b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333">M</span></b><span
style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#333333">
+91 74 3910 9883 |
<b>O</b> +91 33 3095 4767 | <b>VOIP</b> +91 33 3095 4767<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of
the addressee(s) and may contain proprietary, confidential or
privileged information. If you are not the intended recipient, you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately and destroy all copies of this
message and any attachments. WARNING: Computer viruses can be
transmitted via email. The recipient should check this email and
any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by
this email. <a class="moz-txt-link-abbreviated" href="http://www.wipro.com">www.wipro.com</a>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>