On Sun, Jan 23, 2011 at 8:57 PM, Srinath Perera <[email protected]> wrote:
> Can't we use the domain name instead? > +1. > > What I mean is > > 1. users sends [email protected] to the client, which sends this to the > server. > 2. Extended security code inside the Cassandra (our code), does a call > to IS and autenticate > 3. For creating key spaces etc., the code inside Cassandra append the > domain name to key space name etc. > > And actually this begs the questions, why do we need a separate tenant > ID? Can't we use the domain name all the time? > TenantId is Purely to make things efficient (storage, lookup etc), IMO, and to separate the concerns of domain and identifier through a mapping, instead of having constraints on the definition of a domain. But, this should be purely an internal thing, as Thilina pointed out earlier. For anything external, we should use domain. Our MT model is based on user name and user domain, and it is wrong to mix the concept of tenant id along with it, IMHO. Thanks, Senaka. > > --Srinath > > > On Sat, Jan 22, 2011 at 11:41 PM, Sanjiva Weerawarana <[email protected]> > wrote: > > BTW this conversation should be on stratos-dev not carbon-dev :). > > Thilina the issue with making a remote call is that then we need to > secure > > that call ... > > Sanjiva. > > > > On Sat, Jan 22, 2011 at 8:12 PM, Thilina Buddhika <[email protected]> > wrote: > >> > >> So a solution might be a remote API to get the tenantId by passing the > >> fully qualified username or the tenant domain. > >> Thanks, > >> Thilina > >> > >> On Sat, Jan 22, 2011 at 7:50 PM, Indika Kumara <[email protected]> wrote: > >>> > >>> There are two ways for deploying the Cassandra as a service - embedded > >>> and separate. It is like using an embedded database vs databse network > >>> server. > >>> > >>> For the embedded case, we have to start the Cassandra with in a carbon > >>> component accessing the server API of the Cassandra. For the separate > server > >>> case, we have to connect to the Cassandra from its client API. In the > latter > >>> case, the code does the authentication does not have access to the > >>> 'CarbonContext'. It is like to connecting to a remote multi tenant > database > >>> from a local application. > >>> We decided to the latter case as the POC. > >>> > >>> Thanks, > >>> > >>> Indika > >>> > >>> On Sat, Jan 22, 2011 at 8:08 PM, Thilina Buddhika <[email protected]> > >>> wrote: > >>>> > >>>> As Paul mentioned tenantId is exposed through the CarbonContext. So if > >>>> these Cassendra API calls are originated from Stratos, then it is > possible > >>>> to get the tenantId. > >>>> I was mislead thinking that there should be a WS-API which exposes > this > >>>> tenantID, which is not available currently. > >>>> Thanks, > >>>> Thilina > >>>> > >>>> On Sat, Jan 22, 2011 at 6:52 PM, Sanjiva Weerawarana < > [email protected]> > >>>> wrote: > >>>>> > >>>>> Thilina since this is "internal Stratos code" why can't we expose the > >>>>> tenant ID to it? Basically the getTenantID call should be callable by > this > >>>>> code ... and if necessary the jars can be signed or whatever auth we > need > >>>>> for that. > >>>>> Sanjiva. > >>>>> > >>>>> On Sat, Jan 22, 2011 at 6:48 PM, Indika Kumara <[email protected]> > wrote: > >>>>>> > >>>>>> The Cassandra client API and inter-node communications are based on > >>>>>> the Thrift API. It uses TCP and all other available Cassandra > clients are > >>>>>> built top on that API. With those clients, I can only give TCP port > and host > >>>>>> – cannot use a URL. As multiple tenants can have the users with the > same > >>>>>> name, either the tenant ID or tenant domain name should be used when > log in > >>>>>> to the system. > >>>>>> > >>>>>> 1) Using the tenant ID > >>>>>> > >>>>>> This is only applicable if the application (a Cassandra client) > knows > >>>>>> the current tenant ID. For example, a data service in wso2-stratos. > This is > >>>>>> what I have done so far – parsing the ‘tenantID’ along with > credentials when > >>>>>> log-ining to the Cassandra. However, if the client does not know the > >>>>>> ‘tenantID’, he cannot log-ins into the system. For example, a user > having a > >>>>>> web application that uses the Cassandra as the database (local), and > later > >>>>>> want to move to the Cassandra as a Service instead of the local > Cassandra > >>>>>> server. Then, the user has to use the tenant domain. > >>>>>> > >>>>>> 2) Using the tenant domain > >>>>>> > >>>>>> There are mainly two ways to domain name > >>>>>> > >>>>>> 1) Provide it as the URL > >>>>>> > >>>>>> https://www.google.com/a/wso2.com/ServiceLogin?service > >>>>>> > >>>>>> And can logs into ‘indika’ and ‘my password’ > >>>>>> > >>>>>> This method cannot be used currently because of the aforementioned > >>>>>> limitation in the Thrift API (TCP). > >>>>>> > >>>>>> 2) Provide as the part of user name > >>>>>> > >>>>>> https://www.google.com/accounts/ServiceLogin?service > >>>>>> > >>>>>> And it is needed to login as ‘[email protected]’ and ‘my password’ > >>>>>> > >>>>>> This is what I wanted do. Within the Cassandra, I want to call the > IS > >>>>>> server, and takes the tenant-id by giving the ‘tenant-domain or > complete > >>>>>> user name’. > >>>>>> > >>>>>> As we decided to use the ‘tenantID’ to differentiate the keyspaces > >>>>>> having the same yet belongs to different tenants. I can use > ‘tenant > >>>>>> domain’ instead of ‘tenant ID’. > >>>>>> > >>>>>> What should be the proper solution? I highly appreciate your help. > >>>>>> > >>>>>> Thanks, > >>>>>> > >>>>>> Indika > >>>>>> > >>>>>> > >>>>>> On Sat, Jan 22, 2011 at 5:34 PM, Amila Suriarachchi <[email protected] > > > >>>>>> wrote: > >>>>>>> > >>>>>>> > >>>>>>> On Sat, Jan 22, 2011 at 12:15 PM, Indika Kumara <[email protected]> > >>>>>>> wrote: > >>>>>>>> > >>>>>>>> Hi All, > >>>>>>>> > >>>>>>>> $ subject ? > >>>>>>>> > >>>>>>>> The scenario is that a user (a typical Cassandra client > application) > >>>>>>>> log-ins to the Cassandra with his username( e.g. [email protected]) > and > >>>>>>>> password. > >>>>>>>> > >>>>>>>> Within the user authentication logic, the Cassandra calls an IS > >>>>>>>> server for real authentication. > >>>>>>>> All user + tenant registration information is in the IS server. I > >>>>>>>> need to access the 'tenantID' of the user for further operations > in the > >>>>>>>> Cassandra. I noticed in the ' AuthenticationAdmin' that the > 'tenantId' is > >>>>>>>> located. Could I get that 'tenantId'? > >>>>>>>> > >>>>>>>> This is the scenario where the Cassandra is a separate server. > >>>>>>> > >>>>>>> If the user first logs into the Casendra there must be a way to > give > >>>>>>> teneneID when login. One user name can ocurr in different tenants. > >>>>>>> > >>>>>>> thanks, > >>>>>>> Amila. > >>>>>>>> > >>>>>>>> Thanks, > >>>>>>>> > >>>>>>>> Indika > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> Carbon-dev mailing list > >>>>>>>> [email protected] > >>>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> Carbon-dev mailing list > >>>>>>> [email protected] > >>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>>>> > >>>>>> > >>>>>> > >>>>>> _______________________________________________ > >>>>>> Carbon-dev mailing list > >>>>>> [email protected] > >>>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>>> > >>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Sanjiva Weerawarana, Ph.D. > >>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > >>>>> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 > 6880 > >>>>> | +1 650 265 8311 > >>>>> blog: http://sanjiva.weerawarana.org/ > >>>>> > >>>>> Lean . Enterprise . Middleware > >>>>> > >>>>> _______________________________________________ > >>>>> Carbon-dev mailing list > >>>>> [email protected] > >>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Thilina Buddhika > >>>> Senior Software Engineer > >>>> WSO2 Inc. ; http://wso2.com > >>>> lean . enterprise . middleware > >>>> > >>>> phone : +94 77 44 88 727 > >>>> blog : http://blog.thilinamb.com > >>>> > >>>> _______________________________________________ > >>>> Carbon-dev mailing list > >>>> [email protected] > >>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>>> > >>> > >>> > >>> _______________________________________________ > >>> Carbon-dev mailing list > >>> [email protected] > >>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >>> > >> > >> > >> > >> -- > >> Thilina Buddhika > >> Senior Software Engineer > >> WSO2 Inc. ; http://wso2.com > >> lean . enterprise . middleware > >> > >> phone : +94 77 44 88 727 > >> blog : http://blog.thilinamb.com > >> > >> _______________________________________________ > >> Carbon-dev mailing list > >> [email protected] > >> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > >> > > > > > > > > -- > > Sanjiva Weerawarana, Ph.D. > > Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > > email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | > +1 > > 650 265 8311 > > blog: http://sanjiva.weerawarana.org/ > > > > Lean . Enterprise . Middleware > > > > _______________________________________________ > > Carbon-dev mailing list > > [email protected] > > https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > > > > > -- > ============================ > Srinath Perera, Ph.D. > Senior Software Architect, WSO2 Inc. > Visiting Lecturer, University of Moratuwa > Member, Apache Software Foundation > Research Scientist, Lanka Software Foundation > Blog: http://srinathsview.blogspot.com/ > _______________________________________________ > Carbon-dev mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev > -- *Senaka Fernando* Product Manager - WSO2 Governance Registry; Associate Technical Lead; WSO2, Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://www.linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
