[openstack-dev] [openstack][oslo.policy] A new Keystone-Oslo hook for external PDP

Davanum Srinivas davanum at gmail.com
Thu Aug 10 15:02:31 UTC 2017


Ruan,

The hook is the easy part, having the data you need for making the
decision is harder.

-- Dims

On Thu, Aug 10, 2017 at 10:51 AM,  <ruan.he at orange.com> wrote:
> Dims,
> There is a similar prototype: https://review.openstack.org/#/c/237521/.
> Our idea is to provide a more generic one instead of Fortress.
> Ruan
>
>
> -----Original Message-----
> From: Davanum Srinivas [mailto:davanum at gmail.com]
> Sent: Thursday, 10 August 2017 16:32
> To: OpenStack Development Mailing List (not for usage questions)
> Cc: DUVAL Thomas OBS/OAB
> Subject: Re: [openstack-dev] [openstack][oslo.policy] A new Keystone-Oslo hook for external PDP
>
> Ruan,
>
> Have you prototyped to see if all the information you need is available in the context (or can be gathered from Nova)?
> (Quickly check what the existing HttpCheck mechanism sends over the wire.)
>
> Thanks,
> Dims
>
> On Thu, Aug 10, 2017 at 10:17 AM,  <ruan.he at orange.com> wrote:
>> Hello,
>>
>> We would like to have an external and centralized security policy engine
>> (PDP) that can pilot both OpenStack and SDN controllers. For this
>> reason, we have developed and upstreamed a hook for the new
>> OpenDaylight release Carbon
>> (https://git.opendaylight.org/gerrit/#/c/46146/), and we’d like to
>> develop a similar hook for the OpenStack/Oslo-policy.
>>
>>
>>
>> A blueprint was submitted to
>> https://blueprints.launchpad.net/pbr/+spec/external-pdp-for-oslo-policy,
>> and the spec is submitted to https://review.openstack.org/#/c/492543/.
>>
>> We hope that this topic can be discussed in the next oslo meeting.
>>
>> Thank you,
>>
>> Ruan HE
>>
>>
>>
>> ______________________________________________________________________
>> ___________________________________________________
>>
>> This message and its attachments may contain confidential or
>> privileged information that may be protected by law; they should not
>> be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and
>> delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have
>> been modified, changed or falsified.
>> Thank you.
>>
>>
>> ______________________________________________________________________
>> ____ OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
>
> --
> Davanum Srinivas :: https://twitter.com/dims
>



-- 
Davanum Srinivas :: https://twitter.com/dims
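
An added example, not part of the thread or of oslo.policy: a sketch of the receiving (PDP) side of an HttpCheck-style call, to make concrete the point that the decision can only use what the request carries. It assumes the POST body holds two form-encoded fields, `target` and `credentials`, each a JSON object, and that the reply body `True` means allow; the rule, the attribute names and the sample values are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlencode

# Constructed sample request body (assumed wire shape: two JSON form fields).
SAMPLE_BODY = urlencode({
    "target": json.dumps({"project_id": "p-demo", "instance_id": "i-constructed"}),
    "credentials": json.dumps({"user_id": "u-demo", "project_id": "p-demo",
                               "roles": ["member"]}),
}).encode()

REQUIRED_CRED_KEYS = ("user_id", "project_id", "roles")


def decode_request(body: bytes):
    """Return (target, credentials) dicts; raise ValueError on malformed input."""
    try:
        fields = parse_qs(body.decode("utf-8"), strict_parsing=True)
        target = json.loads(fields["target"][0])
        creds = json.loads(fields["credentials"][0])
    except KeyError as exc:
        raise ValueError(f"missing form field: {exc}") from exc
    if not isinstance(target, dict) or not isinstance(creds, dict):
        raise ValueError("target and credentials must be JSON objects")
    return target, creds


def decide(body: bytes) -> str:
    """Hypothetical rule: same-project members only. Any gap in the data denies."""
    try:
        target, creds = decode_request(body)
    except ValueError:  # also covers bad UTF-8 and bad JSON
        return "False"
    if any(k not in creds for k in REQUIRED_CRED_KEYS):
        return "False"  # fail closed: never guess a missing attribute
    if "project_id" not in target or not isinstance(creds["roles"], list):
        return "False"
    same_project = target["project_id"] == creds["project_id"]
    return "True" if same_project and "member" in creds["roles"] else "False"


def missing_attributes(body: bytes, wanted):
    """Attributes a policy wants that neither target nor credentials carries."""
    target, creds = decode_request(body)
    return sorted(a for a in wanted if a not in target and a not in creds)


if __name__ == "__main__":
    print(decide(SAMPLE_BODY))
    print(missing_attributes(SAMPLE_BODY, ["roles", "instance_id", "source_ip"]))
```

Running `missing_attributes` against captured requests for each API a policy should cover shows which attributes would have to be gathered elsewhere before the external PDP can decide.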
