[openstack-dev] [openstack][oslo.policy] A new Keystone-Oslo hook for external PDP

Davanum Srinivas davanum at gmail.com
Thu Aug 10 14:31:41 UTC 2017 

Ruan,

Have you prototyped to see if you have all the information you need is
available in the context (or can be gathered from Nova)?
( quickly check what the existing HttpCheck mechanism sends over the wire )

Thanks,
Dims

On Thu, Aug 10, 2017 at 10:17 AM,  <ruan.he at orange.com> wrote:
> Hello,
>
> We would like to have an external and centralized security policy engine
> (PDP) that can pilot both OpenStack and SDN controllers. For this reason, we
> have developed and upstreamed a hook for the new OpenDaylight release Carbon
> (https://git.opendaylight.org/gerrit/#/c/46146/), and we’d like to develop a
> similar hook for the OpenStack/Oslo-policy.
>
>
>
> A blueprint was submitted to
> https://blueprints.launchpad.net/pbr/+spec/external-pdp-for-oslo-policy, and
> the spec is submitted to https://review.openstack.org/#/c/492543/.
>
> We hope that this topic can be discussed in the next oslo meeting.
>
> Thank you,
>
> Ruan HE
>
>
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations
> confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu
> ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
> electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou
> falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged
> information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and
> delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been
> modified, changed or falsified.
> Thank you.
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Davanum Srinivas :: https://twitter.com/dims

More information about the OpenStack-dev mailing list