[Openstack] OpenStack Identity: Keystone API Proposal
Thor Wolpert
thor at wolpert.ca
Thu Jul 14 00:17:03 UTC 2011
If they had called it "global" or some other container name, would you be
happier with that? If you're trying to leverage some LDAP style framework,
then you'd always want users in some container instead of at the raw root.
Maybe some guidance or default schema would help those groups out?
On Wed, Jul 13, 2011 at 2:12 PM, Ziad Sawalha <ziad.sawalha at rackspace.com>wrote:
> And some current Nova users have created 'dummy' tenants to house global
> users. That's ugly and hard to maintain, so we wanted to avoid 'dummy'
> tenant solutions if possible. Given we're creating the spec right here and
> now, we can do that :-)
>
>
>
> On 7/13/11 12:14 PM, "Jay Pipes" <jaypipes at gmail.com> wrote:
>
> >On Wed, Jul 13, 2011 at 12:30 PM, Bryan Taylor <btaylor at rackspace.com>
> >wrote:
> >> How is this different in effect than letting swift or nova be tenants?
> >>Each
> >> tenant gets to define users, roles, and groups, right?
> >
> >A service can have multiple tenants. For instance, an installation of
> >Nova might have a RAX tenant and a RAX-INTERNAL tenant, both of which
> >can create users and roles separately. Keystone can manage these sets
> >of users independently, but when the Nova service requests information
> >from Keystone, supplying the tenant and user, which depending on the
> >information stored in Keystone, could return different role/group
> >infomation.
> >
> >-jay
> >
> >_______________________________________________
> >Mailing list: https://launchpad.net/~openstack
> >Post to : openstack at lists.launchpad.net
> >Unsubscribe : https://launchpad.net/~openstack
> >More help : https://help.launchpad.net/ListHelp
>
> This email may include confidential information. If you received it in
> error, please delete it.
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20110713/89d694c0/attachment.html>
More information about the Openstack
mailing list