[Openstack] Federated Identity Management (bursting and zones)
Vishvananda Ishaya
vishvananda at gmail.com
Tue Apr 5 00:49:06 UTC 2011
I don't see how one would give access to an entire organization at once. That was the purpose of returning multiple subjects from auth in the other proposal. If I want to give everyone in the "bar" organization access in my instance, the check somehow has to be able to find out that bob is a member of "bar". Getting multiple subjects back from auth makes this easy because bob could be a member of different subjects that would all be returned:
[group:workers]
[organization:bar]
etc...
And I can just say (organization:bar, can_halt, alice)
Is there a way to do this type of thing in this proposal?
Vish
On Apr 4, 2011, at 1:19 PM, Sandy Walsh wrote:
> Phew, ok, I've boiled down the various federated AuthZ discussions with eday, vish & jorge.
>
> I've superseded the old blueprint since the bulk of the work is clearly in the Federated AuthZ camp and not the AuthN camp.
>
> http://wiki.openstack.org/FederatedAuthZwithZones
>
> Shorter and more succinct. Should address many of the issues that have arisen to date.
>
> -S
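The check described in the message above, as an added example (not from the thread, from either proposal, or from OpenStack code): auth returns every subject a user acts as, and a grant applies if any of those subjects matches it. The names `Grant`, `authenticate`, `matching_grants` and `is_allowed`, the membership data, and reading the third tuple field as the owner whose resources the grant covers are all assumptions.

```python
from typing import NamedTuple


class Grant(NamedTuple):
    subject: str     # "organization:bar", "group:workers", "user:bob", ...
    capability: str  # "can_halt", ...
    owner: str       # assumption: the owner whose resources the grant covers


# Constructed membership data standing in for what the auth service knows.
MEMBERSHIPS = {
    "bob": ["group:workers", "organization:bar"],
    "carol": ["group:workers"],
}

# The grant from the message: (organization:bar, can_halt, alice)
GRANTS = [Grant("organization:bar", "can_halt", "alice")]


def authenticate(user):
    """Return every subject the user acts as: the user plus all memberships."""
    return {f"user:{user}", *MEMBERSHIPS.get(user, [])}


def matching_grants(subjects, capability, owner, grants=GRANTS):
    """Grants that authorize the request; useful for an audit trail."""
    return [
        g for g in grants
        if g.subject in subjects
        and g.capability == capability
        and g.owner == owner
    ]


def is_allowed(user, capability, owner, grants=GRANTS):
    """Default deny: allow only if some returned subject matches a grant."""
    return bool(matching_grants(authenticate(user), capability, owner, grants))


if __name__ == "__main__":
    for user in ("bob", "carol", "mallory"):
        print(user, "can_halt alice's instances:",
              is_allowed(user, "can_halt", "alice"))
```
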