On 03/25/2016 08:43 AM, [email protected] wrote:
Hi All,
A gentle reminder..
Could you please share your thoughts on the approach proposed here ..
https://etherpad.openstack.org/p/access_group_nidhimittalhada
Thanks
Nidhi
*From:* Nidhi Mittal Hada (Product Engineering Service)
*Sent:* Wednesday, March 09, 2016 2:22 PM
*To:* 'OpenStack Development Mailing List (not for usage questions)'
<[email protected]>
*Cc:* '[email protected]' <[email protected]>; 'Ben Swartzlander'
<[email protected]>
*Subject:* RE: [OpenStack-Dev][Manila] BP
https://blueprints.launchpad.net/manila/+spec/access-groups
Hi All,
This is just a gentle reminder to the previous mail ..
PFA is revised doc.
Same is pasted here also.
https://etherpad.openstack.org/p/access_group_nidhimittalhada
Kindly share your thoughts on this..
Thanks
Nidhi
Nidhi,
It seems like this is the resource level access control that people have
been asking for in many projects. A few thoughts:
Deny rules are tricky. I would prefer an access control approach that
denied all by default, and then only allowed explicit adds.
The idea of access groups is much like the roles we have in Keystone.
With domain specific roles, we have the potential to do some of this,
but at a courser level. I wonder if we could unify the approach, such
that the roles are managed in Keystone, and then could apply to things
other than items in Manila?
In general, I do not like to have individual users in access lists,
especially when they might be the only person that can clean up a
resource, and then they leave. That means things fall back on "Admin".
Ideally, all access would be controlled via groups membership.
What you are writing is really similar to the oslo-policy enforcement
rules. Are you planning on using Oslo to enforce?
Sorry for jumping in to the middle here, but you did ask for feedback!
*From:* Nidhi Mittal Hada (Product Engineering Service)
*Sent:* Friday, February 26, 2016 3:22 PM
*To:* 'OpenStack Development Mailing List (not for usage questions)'
<[email protected]
<mailto:[email protected]>>
*Cc:* '[email protected]' <[email protected]
<mailto:[email protected]>>; 'Ben Swartzlander' <[email protected]
<mailto:[email protected]>>
*Subject:* [OpenStack-Dev][Manila] BP
https://blueprints.launchpad.net/manila/+spec/access-groups
Hi Manila Team,
I am working on
https://blueprints.launchpad.net/manila/+spec/access-groups
For this I have created initial document as attached with the mail.
It contains DB CLI REST API related changes.
Could you please have a look and share your opinion.
Kindly let me know, if there is some understanding gap,
or something I have missed to document or
share your comments in general to make it better.
*Thank you.*
*Nidhi Mittal Hada*
*Architect | PES / COE*– *Kolkata India*
*Wipro Limited*
*M*+91 74 3910 9883 | *O* +91 33 3095 4767 | *VOIP* +91 33 3095 4767
The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any
attachments. WARNING: Computer viruses can be transmitted via email.
The recipient should check this email and any attachments for the
presence of viruses. The company accepts no liability for any damage
caused by any virus transmitted by this email. www.wipro.com
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
