Some questions:
- Is there a concept of generic permission (any action, any resource etc.)?
There shouldn't be a need to define hundreds of explicit permissions for admin
account.
- I think it would be good to have a notion of parent policy. This will avoid
duplication of permissions.
- Can
On Jan 21, 2014, at 10:57 PM, Prachi Damle prachi.da...@citrix.com wrote:
Min and myself would like to propose an identity and access management plugin
for CloudStack for the ACS 4.4 release.
Here is the functional spec we have drafted for the first phase:
some questions I have:
1. Do we need groups and policies? Cant we derive group information from policy
applied? ie) any user can become domain admin if he is given the right policies.
2. Can we restrict the permission to Resource Type's CRUD? permissions at api
level seems to be like too much of
Hi Koushik,
See my answers in line.
Thanks.
-min
On 1/22/14 12:30 AM, Koushik Das koushik@citrix.com wrote:
Some questions:
- Is there a concept of generic permission (any action, any resource
etc.)? There shouldn't be a need to define hundreds of explicit
Hi Rajani,
See my answers in line.
Thanks
On 1/22/14 6:29 AM, Rajani Karuturi rajani.karut...@citrix.com wrote:
some questions I have:
1. Do we need groups and policies? Cant we derive group information from
policy applied? ie) any user can become domain admin if he is given the
-Original Message-
From: Min Chen [mailto:min.c...@citrix.com]
Sent: Wednesday, January 22, 2014 10:16 AM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
Hi Rajani,
See my answers in line.
Thanks
On 1/22/14 6:29 AM
-Original Message-
From: sebgoa [mailto:run...@gmail.com]
Sent: Wednesday, January 22, 2014 12:41 AM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
On Jan 21, 2014, at 10:57 PM, Prachi Damle prachi.da...@citrix.com wrote:
Min
On Tue, Jan 21, 2014 at 10:57 PM, Prachi Damle prachi.da...@citrix.comwrote:
Min and myself would like to propose an identity and access management
plugin for CloudStack for the ACS 4.4 release.
Here is the functional spec we have drafted for the first phase:
SAML 2.0 is not precluded with this design, it seems.
I found the FS both confusing and illuminating. I think what confuses me
is the interchange of 'acl', 'iam' and 'policy'.
Especially since ACL is used in the networking context.
IMO, renaming the tables and APIs to not use ACL but IAM would
Also not clear on how the dedicateXyZ problem is being solved in Phase1
(or not).
Can I (end user) create a VPC and allow user Bob to create VMs in my VPC?
On 1/21/14 4:20 PM, Chiradeep Vittal chiradeep.vit...@citrix.com wrote:
SAML 2.0 is not precluded with this design, it seems.
I found the FS
Some answers inline.
Prachi
-Original Message-
From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com]
Sent: Tuesday, January 21, 2014 4:20 PM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
SAML 2.0 is not precluded
11 matches
Mail list logo