Can't we use the domain name instead? What I mean is
1. users sends [email protected] to the client, which sends this to the server. 2. Extended security code inside the Cassandra (our code), does a call to IS and autenticate 3. For creating key spaces etc., the code inside Cassandra append the domain name to key space name etc. And actually this begs the questions, why do we need a separate tenant ID? Can't we use the domain name all the time? --Srinath On Sat, Jan 22, 2011 at 11:41 PM, Sanjiva Weerawarana <[email protected]> wrote: > BTW this conversation should be on stratos-dev not carbon-dev :). > Thilina the issue with making a remote call is that then we need to secure > that call ... > Sanjiva. > > On Sat, Jan 22, 2011 at 8:12 PM, Thilina Buddhika <[email protected]> wrote: >> >> So a solution might be a remote API to get the tenantId by passing the >> fully qualified username or the tenant domain. >> Thanks, >> Thilina >> >> On Sat, Jan 22, 2011 at 7:50 PM, Indika Kumara <[email protected]> wrote: >>> >>> There are two ways for deploying the Cassandra as a service - embedded >>> and separate. It is like using an embedded database vs databse network >>> server. >>> >>> For the embedded case, we have to start the Cassandra with in a carbon >>> component accessing the server API of the Cassandra. For the separate server >>> case, we have to connect to the Cassandra from its client API. In the latter >>> case, the code does the authentication does not have access to the >>> 'CarbonContext'. It is like to connecting to a remote multi tenant database >>> from a local application. >>> We decided to the latter case as the POC. >>> >>> Thanks, >>> >>> Indika >>> >>> On Sat, Jan 22, 2011 at 8:08 PM, Thilina Buddhika <[email protected]> >>> wrote: >>>> >>>> As Paul mentioned tenantId is exposed through the CarbonContext. So if >>>> these Cassendra API calls are originated from Stratos, then it is possible >>>> to get the tenantId. >>>> I was mislead thinking that there should be a WS-API which exposes this >>>> tenantID, which is not available currently. >>>> Thanks, >>>> Thilina >>>> >>>> On Sat, Jan 22, 2011 at 6:52 PM, Sanjiva Weerawarana <[email protected]> >>>> wrote: >>>>> >>>>> Thilina since this is "internal Stratos code" why can't we expose the >>>>> tenant ID to it? Basically the getTenantID call should be callable by this >>>>> code ... and if necessary the jars can be signed or whatever auth we need >>>>> for that. >>>>> Sanjiva. >>>>> >>>>> On Sat, Jan 22, 2011 at 6:48 PM, Indika Kumara <[email protected]> wrote: >>>>>> >>>>>> The Cassandra client API and inter-node communications are based on >>>>>> the Thrift API. It uses TCP and all other available Cassandra clients are >>>>>> built top on that API. With those clients, I can only give TCP port and >>>>>> host >>>>>> – cannot use a URL. As multiple tenants can have the users with the same >>>>>> name, either the tenant ID or tenant domain name should be used when log >>>>>> in >>>>>> to the system. >>>>>> >>>>>> 1) Using the tenant ID >>>>>> >>>>>> This is only applicable if the application (a Cassandra client) knows >>>>>> the current tenant ID. For example, a data service in wso2-stratos. This >>>>>> is >>>>>> what I have done so far – parsing the ‘tenantID’ along with credentials >>>>>> when >>>>>> log-ining to the Cassandra. However, if the client does not know the >>>>>> ‘tenantID’, he cannot log-ins into the system. For example, a user >>>>>> having a >>>>>> web application that uses the Cassandra as the database (local), and >>>>>> later >>>>>> want to move to the Cassandra as a Service instead of the local Cassandra >>>>>> server. Then, the user has to use the tenant domain. >>>>>> >>>>>> 2) Using the tenant domain >>>>>> >>>>>> There are mainly two ways to domain name >>>>>> >>>>>> 1) Provide it as the URL >>>>>> >>>>>> https://www.google.com/a/wso2.com/ServiceLogin?service >>>>>> >>>>>> And can logs into ‘indika’ and ‘my password’ >>>>>> >>>>>> This method cannot be used currently because of the aforementioned >>>>>> limitation in the Thrift API (TCP). >>>>>> >>>>>> 2) Provide as the part of user name >>>>>> >>>>>> https://www.google.com/accounts/ServiceLogin?service >>>>>> >>>>>> And it is needed to login as ‘[email protected]’ and ‘my password’ >>>>>> >>>>>> This is what I wanted do. Within the Cassandra, I want to call the IS >>>>>> server, and takes the tenant-id by giving the ‘tenant-domain or complete >>>>>> user name’. >>>>>> >>>>>> As we decided to use the ‘tenantID’ to differentiate the keyspaces >>>>>> having the same yet belongs to different tenants. I can use ‘tenant >>>>>> domain’ instead of ‘tenant ID’. >>>>>> >>>>>> What should be the proper solution? I highly appreciate your help. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Indika >>>>>> >>>>>> >>>>>> On Sat, Jan 22, 2011 at 5:34 PM, Amila Suriarachchi <[email protected]> >>>>>> wrote: >>>>>>> >>>>>>> >>>>>>> On Sat, Jan 22, 2011 at 12:15 PM, Indika Kumara <[email protected]> >>>>>>> wrote: >>>>>>>> >>>>>>>> Hi All, >>>>>>>> >>>>>>>> $ subject ? >>>>>>>> >>>>>>>> The scenario is that a user (a typical Cassandra client application) >>>>>>>> log-ins to the Cassandra with his username( e.g. [email protected]) and >>>>>>>> password. >>>>>>>> >>>>>>>> Within the user authentication logic, the Cassandra calls an IS >>>>>>>> server for real authentication. >>>>>>>> All user + tenant registration information is in the IS server. I >>>>>>>> need to access the 'tenantID' of the user for further operations in the >>>>>>>> Cassandra. I noticed in the ' AuthenticationAdmin' that the >>>>>>>> 'tenantId' is >>>>>>>> located. Could I get that 'tenantId'? >>>>>>>> >>>>>>>> This is the scenario where the Cassandra is a separate server. >>>>>>> >>>>>>> If the user first logs into the Casendra there must be a way to give >>>>>>> teneneID when login. One user name can ocurr in different tenants. >>>>>>> >>>>>>> thanks, >>>>>>> Amila. >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Indika >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Carbon-dev mailing list >>>>>>>> [email protected] >>>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Carbon-dev mailing list >>>>>>> [email protected] >>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Carbon-dev mailing list >>>>>> [email protected] >>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Sanjiva Weerawarana, Ph.D. >>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ >>>>> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 >>>>> | +1 650 265 8311 >>>>> blog: http://sanjiva.weerawarana.org/ >>>>> >>>>> Lean . Enterprise . Middleware >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>> >>>> >>>> >>>> -- >>>> Thilina Buddhika >>>> Senior Software Engineer >>>> WSO2 Inc. ; http://wso2.com >>>> lean . enterprise . middleware >>>> >>>> phone : +94 77 44 88 727 >>>> blog : http://blog.thilinamb.com >>>> >>>> _______________________________________________ >>>> Carbon-dev mailing list >>>> [email protected] >>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>> >>> >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >> >> >> >> -- >> Thilina Buddhika >> Senior Software Engineer >> WSO2 Inc. ; http://wso2.com >> lean . enterprise . middleware >> >> phone : +94 77 44 88 727 >> blog : http://blog.thilinamb.com >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> > > > > -- > Sanjiva Weerawarana, Ph.D. > Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 > 650 265 8311 > blog: http://sanjiva.weerawarana.org/ > > Lean . Enterprise . Middleware > > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- ============================ Srinath Perera, Ph.D. Senior Software Architect, WSO2 Inc. Visiting Lecturer, University of Moratuwa Member, Apache Software Foundation Research Scientist, Lanka Software Foundation Blog: http://srinathsview.blogspot.com/ _______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
