<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/09/2014 08:00 AM, Ageeleshwar
Kandavelu wrote:<br>
</div>
<blockquote
cite="mid:7CE078CE0FB4A743B287BF573132B97716C449E6@INCHEAMVW033.ad.csscorp.com"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">Hi,<br>
Your first hop is the Keystone project. It is the OpenStack identity
management system. Try to get a picture of how the various other
parts of OpenStack interact with Keystone for providing their
service.<br>
<br>
Second, you should look into the policy.json file. There is a
policy.json for every service under /etc/&lt;service_name&gt;. I
have not used this so far and cannot offer any more
information. Hope other OpenStack developers throw up some.<br>
<br>
Thank you,<br>
Ageeleshwar K<br>
<div style="font-family: Times New Roman; color: #000000;
font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF16314"><font
color="#000000" face="Tahoma" size="2"><b>From:</b> Priya
Sharma [<a class="moz-txt-link-abbreviated" href="mailto:priya_sharma@persistent.co.in">priya_sharma@persistent.co.in</a>]<br>
<b>Sent:</b> Friday, May 09, 2014 4:55 PM<br>
<b>To:</b> '<a class="moz-txt-link-abbreviated" href="mailto:dev@cloudstack.apache.org">dev@cloudstack.apache.org</a>';
'<a class="moz-txt-link-abbreviated" href="mailto:users@cloudstack.apache.org">users@cloudstack.apache.org</a>';
<a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
<b>Subject:</b> [Openstack] How to implement: Role based
access control using XACML and SAML over rest for cloud<br>
</font><br>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal">Hi All,</p>
<p class="MsoNormal">I am pursuing
MTech and my MTech project is “Role
based access control using XACML and SAML over rest
for cloud”.</p>
<p class="MsoNormal">I am familiar with Technologies/platform</p>
<ul>
<li>Role based access control</li>
<li>XACML</li>
<li>SAML</li>
<li>Linux environment</li>
</ul>
<p class="MsoNormal">But not aware how all this works in
cloud. My aim is to implement the role based access
control for cloud, my sole purpose is cloud security.</p>
<p class="MsoNormal">Herein I am attaching the
architecture diagram I initially came up with.</p>
<p class="MsoNormal">Any suggestion in the architecture
and how to implement role based access control in cloud will be helpful.</p>
</div>
</div>
</div>
</div>
</blockquote>
Keystone does RBAC, but does not use SAML or XACML to implement it.
Sorry.<br>
<br>
We could, however, use your experience with those in expanding the
RBAC capabilities of Keystone. We are looking to use an XACML-like
system for distributed policy, and are still in the design stages.<br>
<br>
<br>
<blockquote
cite="mid:7CE078CE0FB4A743B287BF573132B97716C449E6@INCHEAMVW033.ad.csscorp.com"
type="cite">
<div style="direction: ltr;font-family: Tahoma;color:
#000000;font-size: 10pt;">
<div style="font-family: Times New Roman; color: #000000;
font-size: 16px">
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal">Thanks</p>
<p class="MsoNormal">Priya</p>
</div>
</div>
</div>
</div>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</body>
</html>