[OpenStack-DefCore] [Security] List Users in RefStack
Egle Sigler
ushnishtha at hotmail.com
Wed Mar 16 18:49:35 UTC 2016
I agree with Gema. Users should not be able to see all other users' info, unless they have super-admin powers or are in the same organization. If the option is being able to see all users or none at all, I would default to none for regular users.
Thank you,
Egle
> To: defcore-committee at lists.openstack.org
> From: gema.gomez-solano at canonical.com
> Date: Wed, 16 Mar 2016 17:02:27 +0000
> Subject: Re: [OpenStack-DefCore] [Security] List Users in RefStack
>
> In my opinion, listing users should work as follows:
>
> - Any user can list the users of the organizations (s)he belongs to.
>
> What data to list? Full name+email+OpenID
>
>
> - Any Foundation (super-admin) user should be able to list everyone, and
> this should probably be a separate API call from the ones all users have
> available.
>
> What data to list? Full name+email+OpenID+Organizations
>
>
> Cheers,
> Gema
>
> On 14/03/16 22:28, Catherine Cuong Diep wrote:
> > The RefStack team would appreciate guidance and recommendation on the
> > following:
> >
> > 1. Should any RefStack authenticated user be able to list the users
> > registered in RefStack?
> > * If the answer is yes, which user information should be returned
> > (full name, email, OpenID)?
> > 2. Or ONLY OpenStack Foundation members can list the users in RefStack?
> >
> >
> >
> > _Background information:_
> >
> > 1. When a user registers at RefStack, RefStack does not request any
> > user information input from the user. Instead, RefStack redirects
> > the registration process to OpenstackId Identity Provider (
> > https://openstackid.org/ ) and obtains three pieces of user
> > information ( full name, email, OpenID ) from the OpenstackId
> > Identity Provider.
> > 2. OpenstackId Identity Provider ( https://openstackid.org/ ) treats
> > email as private information. You will not find email or OpenID
> > information on any member's public profile on
> > https://www.openstack.org/community/members/ . Furthermore, if you
> > look at your own profile on https://www.openstack.org/profile/ , you
> > will find that email information is listed under the "private
> > information" section.
> > 3. Since OpenstackId Identity Provider is the source of the user
> > information of RefStack, RefStack should respect and not relax the
> > privacy policy set by its source.
> >
> >
> > Note:
> > The user information for _review.openstack.org_
> > <http://review.openstack.org/> seems to be set in
> > https://review.openstack.org/#/settings/web-identities and not from
> > OpenstackId Identity Provider.
> >
> > Catherine Diep
> > RefStack Project PTL
> > IBM Silicon Valley Laboratory, San Jose, California 95141
> > cdiep at us.ibm.com, Tel: (408) 463-4352 T/L: 543-4352
> >
> >
> > _______________________________________________
> > Defcore-committee mailing list
> > Defcore-committee at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/defcore-committee
> >
>
>
> --
> Gema Gomez-Solano <gema.gomez-solano at canonical.com>
> STS, QE https://launchpad.net/~gema
> Canonical Ltd. http://www.canonical.com
>
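The listing rules proposed in this thread, sketched as an added example that is not part of the original messages and is not RefStack's code: an organization-scoped call open to every user, a separate call for Foundation admins, and no listing at all otherwise. The `User` record, function names and sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass

# Field sets as proposed in the thread.
ORG_VIEW = ("fullname", "email", "openid")
ADMIN_VIEW = ORG_VIEW + ("organizations",)


@dataclass(frozen=True)
class User:  # hypothetical record, not RefStack's data model
    openid: str
    fullname: str
    email: str
    organizations: frozenset = frozenset()
    is_foundation_admin: bool = False


def _project(user, fields):
    """Return only the allowed fields, so private data never leaves by default."""
    row = {name: getattr(user, name) for name in fields}
    if "organizations" in row:
        row["organizations"] = sorted(row["organizations"])
    return row


def list_org_users(caller, org, users):
    """Call available to every user: members of an organization the caller is in."""
    if org not in caller.organizations:
        raise PermissionError("caller is not a member of this organization")
    return [_project(u, ORG_VIEW) for u in users if org in u.organizations]


def list_all_users(caller, users):
    """Separate call, reserved for Foundation (super-admin) users."""
    if not caller.is_foundation_admin:
        raise PermissionError("Foundation admin required")
    return [_project(u, ADMIN_VIEW) for u in users]


# Constructed sample accounts (not real users).
ALICE = User("https://id.example/alice", "Alice A", "alice@example.org", frozenset({"acme"}))
BOB = User("https://id.example/bob", "Bob B", "bob@example.org", frozenset({"acme", "initech"}))
CAROL = User("https://id.example/carol", "Carol C", "carol@example.org", frozenset({"initech"}))
DANA = User("https://id.example/dana", "Dana D", "dana@example.org", frozenset(), True)
USERS = [ALICE, BOB, CAROL, DANA]

if __name__ == "__main__":
    print(list_org_users(ALICE, "acme", USERS))
    print(list_all_users(DANA, USERS))
```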