On Wed, Aug 15, 2012 at 4:44 PM, Alex Huang <[email protected]> wrote:
> Alex,
>
> Please keep us updated. We probably should move this thread over to dev
> list as well.
>

Will do and yes the dev list is where this conversation should continue ...
with perhaps a more specific subject.

> --Alex
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of
> > Alex Karasulu
> > Sent: Tuesday, August 14, 2012 5:33 AM
> > To: [email protected]
> > Subject: Re: really bad UI design
> >
> > On Thu, Aug 9, 2012 at 2:45 AM, Alex Huang <[email protected]> wrote:
> >
> > > > To sum it up, let's say we need a fine grained Role Based Access
> > > > Control (RBAC) model in CloudStack. Are we using anything specific
> > > > now or is it just ad hoc code to handle the handful of cases that
> > > > already exist?
> > > >
> > > Agreed ACL in CloudStack is limping. We're looking to change that and
> > > introduce a RBAC model in Campo release.
> > >
> >
> > Please excuse the late response. I am traveling and have little to no
> > Internet connectivity. There are some APIs out there like OpenLDAP's
> > Fortress but this binds you to OpenLDAP which is not an option IMO. It's
> > really nice though because it adheres to the NIST role based access
> > control model and supports directories where this information should
> > really be managed.
> >
> > There's Apache Shiro and Spring Security but I personally feel these APIs
> > have become bloated and centered around JEE environments. I am looking
> > for a simple core NIST role based access control model API that can be
> > bound to any of these at deploy time. Something more in line with KISS
> > principles without considering the environment yet can be used in any
> > environment.
> >
> > It does not take much to whip something like this out. This is one of my
> > todo pet projects and I'll also keep an eye out on CloudStack needs to
> > make sure it's applicable. Just making it a generalized role based access
> > control model API should allow its application in all situations.
> >
> > > Is there any suggestion on what we should base this model with? Any
> > > existing systems we should take advantage of?
> > >
> >
> > I think I covered most of this above. However whatever is chosen it
> > should comply with the NIST role based access control model. You cannot
> > go wrong if you do this.
> >
> > I'll start actively researching this over the next few weeks after I get
> > back home, unless of course others beat me to it first.
> >
> > --
> > Best Regards,
> > -- Alex
>

--
Best Regards,
-- Alex
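
A small core NIST RBAC API of the kind discussed in this thread, as an added example that is not code from CloudStack or from anyone in the thread. All names (`RbacStore`, `createSession`, `checkAccess`, the roles and permissions) are hypothetical, and the in-memory store stands in for whatever backend is bound at deploy time.

```java
import java.util.*;

// Added example with hypothetical names; requires Java 16+ (records).
public class CoreRbacDemo {
    // PRMS: a permission is an operation on an object.
    record Permission(String op, String obj) {}

    // Deploy-time binding point: implement over LDAP, a database, flat files.
    interface RbacStore {
        Set<String> assignedRoles(String user);        // UA: user-role assignment
        Set<Permission> rolePermissions(String role);  // PA: permission-role assignment
    }

    // SESSIONS: a user plus the subset of assigned roles activated for it.
    record Session(String user, Set<String> activeRoles) {}

    // A session may only activate roles that UA assigns to the user.
    static Session createSession(RbacStore store, String user, Set<String> requested) {
        if (!store.assignedRoles(user).containsAll(requested))
            throw new SecurityException("role not assigned to " + user);
        return new Session(user, Set.copyOf(requested));
    }

    // CheckAccess: default deny; allow only through a role active in the session.
    static boolean checkAccess(RbacStore store, Session s, String op, String obj) {
        Permission wanted = new Permission(op, obj);
        return s.activeRoles().stream()
                .anyMatch(r -> store.rolePermissions(r).contains(wanted));
    }

    public static void main(String[] args) {
        // Constructed sample data held in memory.
        Map<String, Set<String>> ua = Map.of("alice", Set.of("vm-operator", "auditor"));
        Map<String, Set<Permission>> pa = Map.of(
            "vm-operator", Set.of(new Permission("start", "vm"), new Permission("stop", "vm")),
            "auditor", Set.of(new Permission("read", "event-log")));
        RbacStore store = new RbacStore() {
            public Set<String> assignedRoles(String u) { return ua.getOrDefault(u, Set.of()); }
            public Set<Permission> rolePermissions(String r) { return pa.getOrDefault(r, Set.of()); }
        };
        Session s = createSession(store, "alice", Set.of("auditor"));
        System.out.println("read event-log: " + checkAccess(store, s, "read", "event-log"));
        // vm-operator is assigned to alice but not activated in this session.
        System.out.println("stop vm: " + checkAccess(store, s, "stop", "vm"));
        try {
            createSession(store, "alice", Set.of("admin"));  // never assigned
        } catch (SecurityException e) {
            System.out.println("session refused: " + e.getMessage());
        }
    }
}
```

Activating only the roles a task needs keeps each session at least privilege, which is the part of the NIST core model that ad hoc ACL checks usually lack.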
