On Thu, Aug 9, 2012 at 2:45 AM, Alex Huang <alex.hu...@citrix.com> wrote:
> > > > To sum it up, let's say we need a fine grained Role Based Access Control > > (RBAC) model in CloudStack. Are we using anything specific now or is it > just > > ad hoc code to handle the handful of cases that already exist? > > > Agreed ACL in CloudStack is limping. We're looking to change that and > introduce a RBAC model in Campo release. > > Please excuse the late response. I am traveling and have little to no Internet connectivity. There are some API's out there like OpenLDAP's Fortress but this binds you to OpenLDAP which is not an option IMO. It's really nice though because it adheres to the NIST role based access control model and supports directories where this information should really be managed. There's Apache Shiro and Spring Security but I personally feel these API's have become bloated and centered around JEE environments. I am looking for a simple core NIST role based access control model API that can be bound to any of these at deploy time. Something more in like with KISS principles without considering the environment yet can be used in any environment. It does not take much to whip something like this out. This is one of my todo pet projects and I'll also keep an eye out on cloudstack needs to make sure it's applicable. Just making it a generalized role based access control model API should allow it's application in all situations. > Is there any suggestion on what we should base this model with? Any > existing systems we should take advantage of? > > I think I covered most of this above. However whatever is chosen it should comply with the NIST role based access control model. You cannot go wrong if you do this. I'll start actively researching this over the next few weeks after I get back home, unless of course others beat me to it first. -- Best Regards, -- Alex
