Re: [openstack-dev] [all] [tc] Multi-clouds integration by OpenStack cascading

2014-10-02 Thread Tiwari, Arvind
team will stay at Paris from Oct.29 to Nov.8. Best Regards Chaoyi Huang ( joehuang ) From: Tiwari, Arvind [arvind.tiw...@hp.com] Sent: 02 October 2014 0:42 To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [all] [tc

Re: [openstack-dev] [all] [tc] Multi-clouds integration by OpenStack cascading

2014-10-01 Thread Tiwari, Arvind
Hi Chaoyi, Thanks for sharing these information. Sometime back I have stared a project called “Alliance” which trying to address the same concerns (see the link below). Alliance service is designed to provide Inter-Cloud Resource Federation which will enable resource sharing across cloud in

[openstack-dev] [barbican] Need opinion on bug 1347101

2014-07-22 Thread Tiwari, Arvind
I have logged below bug to enforce 'content-type' check before RBAC enforcement on POST requests, but seems we have difference in opinion. https://bugs.launchpad.net/barbican/+bug/1347101 Please look at the above bug and share your thoughts. IMO - content-type enforcement is concern of REST

Re: [openstack-dev] Inter cloud resource federation [Alliance]

2014-07-10 Thread Tiwari, Arvind
://review.openstack.org/#/c/100023/https://blueprints.launchpad.net/keystone/+spec/keystone-to-keystone-federation The federation will be migrated to this new service? Regards, 2014-07-09 14:33 GMT-03:00 Tiwari, Arvind arvind.tiw...@hp.commailto:arvind.tiw...@hp.com: Hi All, I am investigating on inter cloud

Re: [openstack-dev] Inter cloud resource federation [Alliance]

2014-07-10 Thread Tiwari, Arvind
Riedemann [mailto:mrie...@linux.vnet.ibm.com] Sent: Wednesday, July 09, 2014 2:30 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] Inter cloud resource federation [Alliance] On 7/9/2014 12:33 PM, Tiwari, Arvind wrote: Hi All, I am investigating on inter cloud resource

[openstack-dev] Inter cloud resource federation [Alliance]

2014-07-09 Thread Tiwari, Arvind
Hi All, I am investigating on inter cloud resource federation across OS based cloud deployments, this is needed to support multi regions, cloud bursting, VPC and more use cases. I came up with a design (link below) which advocate a new service (a.k.a. Alliance), this service sits close to

[openstack-dev] Inter Cloud Resource Federation (Alliance)

2014-07-01 Thread Tiwari, Arvind
All, I am working on a new service to address the problems of Inter Cloud Resource Federation use cases (e.g. multi region, cloud bursting, resource sharing across clouds, etc . ). The new service will integrate multiple OpenStack cloud to work in alliance to provide resource federation

Re: [openstack-dev] Message level security plans. [barbican]

2014-06-12 Thread Tiwari, Arvind
Some thoughts out of the context of this email thread. As per my understanding of Kite, it is a subset of Barbican or there might be minor gaps. If that is the true statement then what is the point of having a services with duplicate feature set? Why not port all the Kite feature to Barbican

Re: [openstack-dev] Message level security plans. [barbican]

2014-06-12 Thread Tiwari, Arvind
/12/2014 03:16 PM, Tiwari, Arvind wrote: Some thoughts out of the context of this email thread. As per my understanding of Kite, it is a subset of Barbican or there might be minor gaps. If that is the true statement then what is the point of having a services with duplicate feature set? Why

Re: [openstack-dev] [Neutron][LBaaS] Barbican Neutron LBaaS Integration Ideas

2014-06-09 Thread Tiwari, Arvind
As per current implementation, containers are immutable. Do we have any use case to make it mutable? Can we live with new container instead of updating an existing container? Arvind -Original Message- From: Samuel Bercovici [mailto:samu...@radware.com] Sent: Monday, June 09, 2014

[openstack-dev] [keystone] [barbican] Protecting user specific secrets in Barbican

2014-05-15 Thread Tiwari, Arvind
Barbcan will be used as secret store (or Key Manager) in Open Stack deployments. That means users can store any kind for secrets (ssh keys , access keys, password .) in Barbican these secrets are not shared secrets. In below scenario it seems secrets are not well protected in Barbican 1.

Re: [openstack-dev] Hierarchical administrative boundary [keystone]

2014-05-09 Thread Tiwari, Arvind
@lists.openstack.org Subject: Re: [openstack-dev] Hierarchical administrative boundary [keystone] On 05/08/2014 07:55 PM, Tiwari, Arvind wrote: Hi All, Below is my proposal to address VPC use case using hierarchical administrative boundary. This topic is scheduled in Hierarchical Multitenancyhttp

[openstack-dev] Hierarchical administrative boundary [keystone]

2014-05-08 Thread Tiwari, Arvind
Hi All, Below is my proposal to address VPC use case using hierarchical administrative boundary. This topic is scheduled in Hierarchical Multitenancyhttp://junodesignsummit.sched.org/event/20465cd62e9054d4043dda156da5070e#.U2wYXXKLR_9 session of Atlanta design summit.

Re: [openstack-dev] [barbican] Atlanta Summit Etherpads for Review

2014-05-05 Thread Tiwari, Arvind
Hi Chad, We are working on following topics and expecting some time to discuss in the summit. Can we accommodate them in the summit? https://blueprints.launchpad.net/barbican/+spec/secret-isolation-at-user-level (We are working on POC + API change proposal)

Re: [openstack-dev] [barbican] Atlanta Summit Etherpads for Review

2014-05-05 Thread Tiwari, Arvind
Chad, Please let me know if you want me to start etherpads for them? Regards, Arvind From: Tiwari, Arvind Sent: Monday, May 05, 2014 10:22 AM To: openstack-dev@lists.openstack.org Subject: RE: [openstack-dev] [barbican] Atlanta Summit Etherpads for Review Hi Chad, We are working on following

Re: [openstack-dev] [Nova] Including Domains in Nova

2014-02-19 Thread Tiwari, Arvind
Hi Henrique, I agree with your thoughts and in my opinion every OpenStack service has to be Domain aware. Specially it will be more helpful in large scale OpenStack deployments where IAM resources are scoped to a domain but other services (e.g. Nova) are just not aware of domains. Thanks,

Re: [openstack-dev] VPC Proposal

2014-02-14 Thread Tiwari, Arvind
Hi JC, I have proposed BP to address VPC using domain hierarchy and hierarchical administrative boundary. https://blueprints.launchpad.net/keystone/+spec/hierarchical-administrative-boundary Thanks, Arvind -Original Message- From: Martin, JC [mailto:jch.mar...@gmail.com] Sent:

Re: [openstack-dev] [keystone][nova] Re: Hierarchicical Multitenancy Discussion

2014-02-05 Thread Tiwari, Arvind
Hi Chris, Looking at your requirements, seems my solution (see attached email) is pretty much aligned. What I am trying to propose is 1. One root domain as owner of virtual cloud. Logically linked to n leaf domains. 2. All leaf domains falls under admin boundary of virtual cloud owner. 3. No

Re: [openstack-dev] [keystone][nova] Re: Hierarchicical Multitenancy Discussion

2014-02-04 Thread Tiwari, Arvind
Hi Vish, I am sorry as I am proposing just a solution approach below but no code so far. ### Problem and Requirement ### As per the problem description it seems to me that Martha, the owner of ProductionIT is not a cloud provider (correct me if wrong) and she uses someone else cloud

Re: [openstack-dev] Domain ID in Policy_dict

2014-01-16 Thread Tiwari, Arvind
...@canonical.com] On Behalf Of Telles Mota Vidal Nóbrega Sent: Thursday, January 16, 2014 6:30 AM To: Tiwari, Arvind Subject: Domain ID in Policy_dict Hi, i'm working on some new features for openstack and this merge that you submitted https://review.openstack.org/#/c/50488/ does most of what I need. I

[openstack-dev] API spec for OS-NS-ROLES extension

2013-12-18 Thread Tiwari, Arvind
Hi Adam, I would like to request you to revisit the below link and provide your opinion, so that we can move forward and try to find a common ground where everyone. https://review.openstack.org/#/c/61897 Below is my justification for service_id in role model: In a public cloud deployment

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-10 Thread Tiwari, Arvind
...@kent.ac.uk] Sent: Tuesday, December 10, 2013 1:30 AM To: Adam Young; Tiwari, Arvind; OpenStack Development Mailing List (not for usage questions) Cc: Henry Nash; dolph.math...@gmail.com; Yee, Guang Subject: Re: [openstack-dev] [keystone] Service scoped role definition How about the following which

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-10 Thread Tiwari, Arvind
. https://blueprints.launchpad.net/keystone/+spec/service-scoped-tokens. Thanks. Arvind -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Tuesday, December 10, 2013 2:27 PM To: Tiwari, Arvind; Adam Young; OpenStack Development Mailing List (not for usage

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-10 Thread Tiwari, Arvind
My Comments in line. Arvind -Original Message- From: Adam Young [mailto:ayo...@redhat.com] Sent: Tuesday, December 10, 2013 2:54 PM To: David Chadwick; Tiwari, Arvind; OpenStack Development Mailing List (not for usage questions) Cc: Henry Nash; dolph.math...@gmail.com; Yee, Guang

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-09 Thread Tiwari, Arvind
, scope.id, domain_id and project_id makes the composite key. -Original Message- From: Adam Young [mailto:ayo...@redhat.com] Sent: Monday, December 09, 2013 1:28 PM To: David Chadwick; Tiwari, Arvind; OpenStack Development Mailing List (not for usage questions) Cc: Henry Nash; dolph.math

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-09 Thread Tiwari, Arvind
Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Monday, December 09, 2013 3:15 PM To: Tiwari, Arvind; Adam Young; OpenStack Development Mailing List (not for usage questions) Cc: Henry Nash; dolph.math...@gmail.com; Yee, Guang Subject: Re: [openstack-dev] [keystone

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-09 Thread Tiwari, Arvind
Thanks David, Let me update the etherpad with this proposal. Arvind -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Friday, December 06, 2013 2:44 AM To: Tiwari, Arvind; Adam Young; OpenStack Development Mailing List (not for usage questions) Cc: Henry

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-05 Thread Tiwari, Arvind
Hi David, Let me capture these details in ether pad. I will drop an email after adding these details in etherpad. Thanks, Arvind -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Thursday, December 05, 2013 4:15 AM To: Tiwari, Arvind; Adam Young; OpenStack

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-05 Thread Tiwari, Arvind
are right now and open questions along with my thoughts. Please take a look and share your comments/suggestion. Regards, Arvind -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Thursday, December 05, 2013 5:45 AM To: Tiwari, Arvind; Adam Young Cc: OpenStack

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-04 Thread Tiwari, Arvind
://blueprints.launchpad.net/keystone/+spec/service-scoped-tokens BP. Thanks, Arvind -Original Message- From: Adam Young [mailto:ayo...@redhat.com] Sent: Tuesday, December 03, 2013 6:52 PM To: Tiwari, Arvind; OpenStack Development Mailing List (not for usage questions) Cc: Henry Nash; dolph.math...@gmail.com

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-04 Thread Tiwari, Arvind
://blueprints.launchpad.net/keystone/+spec/service-scoped-tokens BP. Thanks, Arvind -Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Wednesday, December 04, 2013 2:16 AM To: Tiwari, Arvind; OpenStack Development Mailing List (not for usage questions); Adam

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-04 Thread Tiwari, Arvind
] Sent: Wednesday, December 04, 2013 10:41 AM To: Adam Young; Tiwari, Arvind; OpenStack Development Mailing List (not for usage questions) Cc: Henry Nash; dolph.math...@gmail.com Subject: Re: [openstack-dev] [keystone] Service scoped role definition Hi Adam I understand your problem: having

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-04 Thread Tiwari, Arvind
, Arvind; Adam Young Cc: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [keystone] Service scoped role definition On 04/12/2013 17:28, Tiwari, Arvind wrote: Hi David, Thanks for your valuable comments. I have updated https://etherpad.openstack.org/p

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-03 Thread Tiwari, Arvind
Hi David, I have added my comments underneath line # 97 till line #110, it is mostly aligned with your proposal with some modification. https://etherpad.openstack.org/p/service-scoped-role-definition Thanks for your time, Arvind -Original Message- From: Tiwari, Arvind Sent

Re: [openstack-dev] [keystone] Service scoped role definition

2013-12-02 Thread Tiwari, Arvind
which can fit in my Plan B and I think Adam is cool with plan B. Please let me know if David's proposal for role-def scoping is cool for everybody? Thanks, Arvind -Original Message- From: Adam Young [mailto:ayo...@redhat.com] Sent: Wednesday, November 27, 2013 8:44 AM To: Tiwari, Arvind

Re: [openstack-dev] [keystone] Service scoped role definition

2013-11-26 Thread Tiwari, Arvind
-Original Message- From: David Chadwick [mailto:d.w.chadw...@kent.ac.uk] Sent: Monday, November 25, 2013 12:12 PM To: Tiwari, Arvind; OpenStack Development Mailing List Cc: Henry Nash; ayo...@redhat.com; dolph.math...@gmail.com; Yee, Guang Subject: Re: [openstack-dev] [keystone] Service

Re: [openstack-dev] [keystone] Service scoped role definition

2013-11-26 Thread Tiwari, Arvind
. Feel free to update the etherpad. Regards, Arvind -Original Message- From: Tiwari, Arvind Sent: Tuesday, November 26, 2013 4:08 PM To: David Chadwick; OpenStack Development Mailing List Subject: Re: [openstack-dev] [keystone] Service scoped role definition Hi David, Thanks for your

[openstack-dev] [keystone] Service scoped role definition

2013-11-18 Thread Tiwari, Arvind
Hi, Based on our discussion in design summit , I have redone the service_id binding with roles BPhttps://blueprints.launchpad.net/keystone/+spec/serviceid-binding-with-role-definition. I have added a new BP (link below) along with detailed use case to support this BP.

[openstack-dev] [keystone] Does authorization not needed on “/auth/tokens” API??

2013-07-25 Thread Tiwari, Arvind
Mailing List Cc: Tiwari, Arvind Subject: Re: [openstack-dev] [keystone] Extending policy checking to include target entities I have responded to your post, as I dont think it solves the identified problem regards David On 24/07/2013 23:26, Tiwari, Arvind wrote: I have added my proposal

Re: [openstack-dev] [barbican]

2013-07-23 Thread Tiwari, Arvind
are on track for our 1.0 release for Havana. I would encourage anyone interested to check our what we are working on and come help us out. We use this list for most of our discussions and we hang out on #openstack-cloudkeep on free node. From: Tiwari, Arvind [mailto:arvind.tiw...@hp.com] Sent

Re: [openstack-dev] [keystone] Extending policy checking to include target entities

2013-07-23 Thread Tiwari, Arvind
Hi Henry, Do you have etherpad to capture these stuff? Arvind -Original Message- From: Henry Nash [mailto:hen...@linux.vnet.ibm.com] Sent: Tuesday, July 23, 2013 4:48 PM To: David Chadwick Cc: OpenStack Development Mailing List Subject: Re: [openstack-dev] [keystone] Extending

[openstack-dev] [barbican]

2013-07-22 Thread Tiwari, Arvind
Hi All, I am following Barbican project and I have some question around it, I would appreciate if someone can answer them or point me to the correct resource 1. What is the state of the project, is it in the state where it can be utilized in production deployments? 2.Dose

Re: [openstack-dev] New BP - ServiceId binding with role definition

2013-06-24 Thread Tiwari, Arvind
All, Added etherpad link, please share your comments or suggestion https://etherpad.openstack.org/serviceid-binding-with-role-definition Arvind From: Tiwari, Arvind Sent: Wednesday, June 19, 2013 4:42 PM To: OpenStack Development Mailing List Subject: New BP - ServiceId binding with role

[openstack-dev] New BP - ServiceId binding with role definition

2013-06-19 Thread Tiwari, Arvind
All, I have added a new BP, which advocates service id binding with role definition https://blueprints.launchpad.net/keystone/+spec/serviceid-binding-with-role-definition Please look at it and share your comments. Arvind ___ OpenStack-dev mailing