Hi Jason, would you be able to give us an update on the long-term plans for "true" multi-tenancy in GAE? Is this in the hopper for delivery, or just promise-ware at this point? thanks Murray
On Oct 9, 2:48 pm, "Jason (Google)" <apija...@google.com> wrote: > For your first application, you might look into OpenID. I believe that this > is the way that Socialwok establishes user identity allowing Gmail and > Google Apps accounts onto the same system without creating multiple apps for > each: > > http://www.socialwok.com/ > > You'll notice that the first thing that appears is a Login with Google > button, which shows you all Google accounts that the current user is signed > into at the given time. > > As far as your second application goes, the most straightforward way of > segregating data is segregating the datastore itself by registering multiple > application IDs. Normally, this is against the TOS, but we review > applications submitted via the form linked in my earlier post and will grant > exceptions to applications with a clear need. But if you want to keep all > data in one datastore, I would personally just include a domain field and/or > account field in the individual kinds for easy filtering rather than segment > the kinds themselves. Still, if that's the solution you choose and it's > working for you, then there shouldn't be any reason why you need to change > your setup. Your setup negates the need to do extra filtering when returning > the entities and won't run any less efficiently. > > - Jason > > On Thu, Oct 8, 2009 at 8:29 PM, Roy Smith <roy.smith....@googlemail.com>wrote: > > > Hi Jason > > Thanks for the link. That would work for one of my apps, but not the other. > > Here are my two scenarios. > > > App 1. > > This is intended to be an instant sign-up, no human intervention business > > app. It should be equally open to @gmail.com and @domain.com users. The > > app has a common datastore for all users. I would expect thousands of > > domains to become users. > > > App 2. > > This is a more consultative app, where having multiple App Ids could work. > > Unlike App 1, each customer (where customer is an organisation rather than > > an individual) of this App need their data to be segregated. > > > On segregation, I'd be interested in your comments on the approach I'm > > taking at the moment. I have my own persistence layer (PL) between my > > business logic and the LLAPI. My PL appends the userId to the Kind name for > > certain entity types. So I end up with a schema containing (for example) a > > single Kind called "SystemWideParameters" and Kinds called " > > d...@domain1.com", "e...@domain1.com", "d...@domain2.com", > > "e...@domain2.com". > > Can you see any drawbacks to that approach, such as a limit on number of > > Kinds that a single app may have? > > > On Thu, Oct 8, 2009 at 9:55 PM, Jason (Google) <apija...@google.com>wrote: > > >> There is no support for true multi-tenant App Engine apps right now. For > >> now, we are encouraging developers who want to build an App Engine app and > >> deploy it to many clients to complete a multi-instance exception request > >> form, and once approved, work with their clients to create a new > >> application > >> ID for each client with authentication configured for that client's domain. > >> As I said, the class of users who can use their Google Apps account to sign > >> in to non-Google Apps deployed apps is not well defined, so each client > >> will > >> need a separate app ID configured for their organization's domain. > >> Here's the form: > > >>http://code.google.com/support/bin/request.py?contact_type=AppEngineM... > > >> - Jason > > >> On Wed, Oct 7, 2009 at 3:04 PM, Roy Smith > >> <roy.smith....@googlemail.com>wrote: > > >>> Thanks for the explanation. My app is for small businesses, who I am > >>> encouraging to sign up for a Google Apps domain. Are you saying that there > >>> are steps they can take to ensure that their GApps domains are eligible > >>> for > >>> authentication to my GAE app? > > >>> On Wed, Oct 7, 2009 at 10:58 PM, Jason (Google) > >>> <apija...@google.com>wrote: > > >>>> Hi Roy. Say I have my own Google Apps domain, example.com. When I > >>>> create an application, I can choose to restrict authentication such that > >>>> only those users who have example.com accounts can sign in. Otherwise, > >>>> if I don't specify a domain, then Gmail users and other standard Google > >>>> account holders can sign in. But there is also a not-well-defined class > >>>> of > >>>> users that have an account (or alias) on a Google Apps domain that is > >>>> also > >>>> set up as a Google account, meaning they can sign in to regular, non > >>>> Google > >>>> Apps-services with it. If this is the case with you, then you're in this > >>>> class. :) There are plans to make this less confusing and more defined > >>>> going > >>>> forward. > > >>>> - Jason > > >>>> On Tue, Oct 6, 2009 at 6:51 PM, Roy <roy.smith....@googlemail.com>wrote: > > >>>>> I've seen comments that a GAE app. must be declared for authentication > >>>>> via gmail/googlemail OR via a specific Google Apps domain, but not > >>>>> both. > > >>>>> I have an app declared as public and I can authenticate to it using a > >>>>> GApps email address without problem ... which is perfect for my > >>>>> requirement. > > >>>>> Am I missing something? > > >>>>> best > >>>>> Roy > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=.
