[Openstack] Identity API v3 - Why allow multi-tenant users?
Tom Fifield
fifieldt at unimelb.edu.au
Wed May 30 03:39:47 UTC 2012
Just to echo Tim's comments here about the research space - we certainly
have this requirement over in NeCTAR (Australia's national cloud for
research).
Australia actually has entire institutions setup to work in this mode -
helping out multiple universities simultaneously with software
development et al, and it's certainly a common case with our OpenStack
cloud.
Regards,
Tom
On 05/30/2012 07:16 AM, Gabriel Hurley wrote:
> Terminology:
>
> Project == Tenant. They are equivalent in Keystone parlance.
>
> What you're referring to as a "tenant" in that last email is the role a "domain" might play going forward in Keystone.
>
> All the best,
>
> - Gabriel
>
>> -----Original Message-----
>> From: openstack-bounces+gabriel.hurley=nebula.com at lists.launchpad.net
>> [mailto:openstack-
>> bounces+gabriel.hurley=nebula.com at lists.launchpad.net] On Behalf Of
>> Caitlin Bestler
>> Sent: Tuesday, May 29, 2012 11:47 AM
>> To: Tim Bell; openstack at lists.launchpad.net
>> Subject: Re: [Openstack] Identity API v3 - Why allow multi-tenant users?
>>
>> Tim Bell wrote:
>>
>> ➢ In the research environment, we have frequent cases where a user is
>> associated with multiple tenants.
>>
>>> For example, when you are finishing work on a previous project but are
>> mainly working on the new one.
>>
>>> As we move towards domain/tenant/user, we need to ensure that the
>> tools support multi-tenant per user. Correct accounting is critical.
>>
>>> This does require extra code but it is relevant given the use cases.
>>
>> What you are describing strikes me as a single tenant with multiple projects.
>> It is similar to a corporate environment with multiple departments.
>>
>> I am seeing a major problem here when the tenants are truly separate and
>> the only possible administrator in common is the service provider.
More information about the Openstack
mailing list