Alex,

Please keep us updated. We probably should move this thread over to dev list as well.

--Alex

> -----Original Message-----
> From: akaras...@gmail.com [mailto:akaras...@gmail.com] On Behalf Of
> Alex Karasulu
> Sent: Tuesday, August 14, 2012 5:33 AM
> To: cloudstack-users@incubator.apache.org
> Subject: Re: really bad UI design
>
> On Thu, Aug 9, 2012 at 2:45 AM, Alex Huang <alex.hu...@citrix.com> wrote:
>
> > > To sum it up, let's say we need a fine grained Role Based Access Control
> > > (RBAC) model in CloudStack. Are we using anything specific now or is it just
> > > ad hoc code to handle the handful of cases that already exist?
> >
> > Agreed ACL in CloudStack is limping. We're looking to change that and
> > introduce a RBAC model in Campo release.
>
> Please excuse the late response. I am traveling and have little to no Internet
> connectivity. There are some APIs out there like OpenLDAP's Fortress but
> this binds you to OpenLDAP which is not an option IMO. It's really nice
> though because it adheres to the NIST role based access control model and
> supports directories where this information should really be managed.
>
> There's Apache Shiro and Spring Security but I personally feel these APIs
> have become bloated and centered around JEE environments. I am looking
> for a simple core NIST role based access control model API that can be bound
> to any of these at deploy time. Something more in line with KISS principles
> without considering the environment yet can be used in any environment.
>
> It does not take much to whip something like this out. This is one of my todo
> pet projects and I'll also keep an eye out on cloudstack needs to make sure
> it's applicable. Just making it a generalized role based access control model
> API should allow its application in all situations.
>
> > Is there any suggestion on what we should base this model with? Any
> > existing systems we should take advantage of?
>
> I think I covered most of this above. However, whatever is chosen it should
> comply with the NIST role based access control model. You cannot go wrong
> if you do this.
>
> I'll start actively researching this over the next few weeks after I get back
> home, unless of course others beat me to it first.
>
> --
> Best Regards,
> -- Alex