Interesting. The paper says that the implementation was based on the Havana release. Just out of curiosity, does anyone know if the code is public?
On Mon, Dec 14, 2015 at 6:38 PM, darren wang <darren_w...@outlook.com> wrote: > Hi Dolph, > > > > Here it is, > http://profsandhu.com/confrnc/misconf/nss14-preprint-bo.pdf > > > > You may have a look at it and see if it’s reasonable. > > > > Darren > > > > *发件人:* Dolph Mathews [mailto:dolph.math...@gmail.com] > *发送时间:* 2015年12月15日 6:10 > *收件人:* OpenStack Development Mailing List (not for usage questions) < > openstack-dev@lists.openstack.org> > *主题:* Re: [openstack-dev] [keystone] Is "domain" a mapping to real-world > cloud tenant? > > > > Unfortunately, "tenancy" has multiple definitions in our world so let me > try to clarify further! Do you have a link to that paper? > > > > Tenants (v2) and projects (v3) have a history as serving to isolate the > resources (VMs, networks, etc) of multiple tenants. They literally provide > for multitenancy. > > > > Domains exist at a higher level, and actually (unfortunately) serve a > multiple purposes. > > > > The first of which is as a container for multiple tenants/projects - think > of domains as the billable entity in a public cloud. A single domain might > be responsible for deploying multiple department's or project's resources > in the cloud (each of which requires multi-tenant isolation, and thus has > many tenants/projects). > > > > The second purpose is that of authorization -- in keystone, you might need > domain-level authorization to create projects and assign roles. The same > might apply to domain-specific quotas, domain-specific policies, and other > domain-level concerns. > > > > Lastly, domains serve as a namespaces for users and groups (identity / > authentication) within keystone itself. They are analogous to identity > providers in that regard. > > > > Hope this helps! > > > > On Mon, Dec 14, 2015 at 2:56 AM, darren wang <darren_w...@outlook.com> > wrote: > > Hi, > > > > I am wondering whether “domain” is a mapping to a real-world cloud tenant > (not the counterpart of “project” in v2 Identity API) because recently I > read a paper that describes “domain” as a fit for the abstract concept “cloud > tenant”. Does this saying stay in line with community’s purpose? > > > > Thanks! > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev