[Openstack] Federated Identity Management (bursting and zones)

Sandy Walsh sandy.walsh at RACKSPACE.COM
Tue Apr 5 01:42:17 UTC 2011


> From: Vishvananda Ishaya [vishvananda at gmail.com]
> I don't see how one would give access to an entire organization at once.  

We don't need to. When a user auths into the SP world we get a set of permissions for that user from MyCo. If everyone in MyCo auth'ed against the SP they would all have the same permissions on a set of instances. 

In other words, the Subject is implied by receiving the auth token and permissions are relative to that.

-S


Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.





More information about the Openstack mailing list