Hi Linda, A multi-tenant management solution must allow ability to create multiple administrative entities that are going to manage security policies. For example, a service provider deploys security controller that provides managed security services for Enterprises. In this case, the service provider can be seen as domain owner and each Enterprise customer/user of security controller would be treated as Tenant. Basically each Tenant have their own separate admin boundary so that one Enterprise has complete separate from other.
The “User” and “Role” are entities that help in Role-Based-Access-Control (RBAC) model. These can be scoped to either for the entire domain or to a specific tenant. Basically a Tenant can have two users with each user allowed only certain task/permissions (Role). In short all these object allow to implement a fully functional Multi-tenant with RBAC . I hope it helps. Thanks Rakesh From: Linda Dunbar <[email protected]<mailto:[email protected]>> Date: Thursday, June 29, 2017 at 10:37 AM To: Rakesh Kumar <[email protected]<mailto:[email protected]>>, "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Cc: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: What is the difference between "Policy-Tenant" and "Policy-User" in draft-kumar-i2nsf-client-facing-interface-im-02 Rakesh, et al: The “Multi-Tenancy” section of your draft has specified “Policy- Tenant” and “Policy – User”: Policy- Tenant: This object defines an entity within an organization that wants to manage its own Security Policies. Policy-User: represents a unique identity within an organization. The identity authenticates with Security Controller using credentials such as a password or token in order to do policy management. What is the difference? Does the “Policy-Role” apply to both of them? Or just one? Thank you very much. Linda
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
