[Openstack] Identity API v3 - Why allow multi-tenant users?
Joseph Heck
heckj at me.com
Tue May 29 17:52:22 UTC 2012
Hi Caitlin,
A user is able to be associated with multiple tenants in the current API as well - this API just attempt to make is significantly more clear what you're asking for and what you're getting back. It was one of the earliest requests and requirements of the auth system.
For the back-ends of Keystone that allow resetting of passwords, it would generally be an administrator of Keystone (as it is today) that would be required to reset a user's password, but with the additional domain model, it's possible to expand that a bit if a local implementation wanted to allow a domain admin to reset a user's password as well.
-joe
On May 29, 2012, at 10:18 AM, Caitlin Bestler wrote:
> One of the major complication I see in the API is that users can be associated with multiple tenants.
>
> What is the benefit of this? What functionality would be lost if a human user merely had to use a different account with each tenant?
>
> There are numerous issues with multi-tenant users. For example, if a user is associated with multiple tenants, who resets the user’s password?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120529/0b92abe1/attachment.html>
More information about the Openstack
mailing list