Ruan, The hook is the easy part, having the data you need for making the decision is harder.
-- Dims On Thu, Aug 10, 2017 at 10:51 AM, <ruan...@orange.com> wrote: > Dims, > There is a similar prototype https://review.openstack.org/#/c/237521/. > Our idea is to provide a more generic one instead of Fortress. > Ruan > > > -----Original Message----- > From: Davanum Srinivas [mailto:dava...@gmail.com] > Sent: jeudi 10 août 2017 16:32 > To: OpenStack Development Mailing List (not for usage questions) > Cc: DUVAL Thomas OBS/OAB > Subject: Re: [openstack-dev] [openstack][oslo.policy] A new Keystone-Oslo > hook for external PDP > > Ruan, > > Have you prototyped to see if you have all the information you need is > available in the context (or can be gathered from Nova)? > ( quickly check what the existing HttpCheck mechanism sends over the wire ) > > Thanks, > Dims > > On Thu, Aug 10, 2017 at 10:17 AM, <ruan...@orange.com> wrote: >> Hello, >> >> We would like to have an external and centralized security policy >> engine >> (PDP) that can pilot both OpenStack and SDN controllers. For this >> reason, we have developed and upstreamed a hook for the new >> OpenDaylight release Carbon >> (https://git.opendaylight.org/gerrit/#/c/46146/), and we’d like to develop a >> similar hook for the OpenStack/Oslo-policy. >> >> >> >> A blueprint was submitted to >> https://blueprints.launchpad.net/pbr/+spec/external-pdp-for-oslo-polic >> y, and the spec is submitted to https://review.openstack.org/#/c/492543/. >> >> We hope that this topic can be discussed in the next oslo meeting. >> >> Thank you, >> >> Ruan HE >> >> >> >> ______________________________________________________________________ >> ___________________________________________________ >> >> Ce message et ses pieces jointes peuvent contenir des informations >> confidentielles ou privilegiees et ne doivent donc pas etre diffuses, >> exploites ou copies sans autorisation. Si vous avez recu ce message >> par erreur, veuillez le signaler a l'expediteur et le detruire ainsi >> que les pieces jointes. Les messages electroniques etant susceptibles >> d'alteration, Orange decline toute responsabilite si ce message a ete >> altere, deforme ou falsifie. Merci. >> >> This message and its attachments may contain confidential or >> privileged information that may be protected by law; they should not >> be distributed, used or copied without authorisation. >> If you have received this email in error, please notify the sender and >> delete this message and its attachments. >> As emails may be altered, Orange is not liable for messages that have >> been modified, changed or falsified. >> Thank you. >> >> >> ______________________________________________________________________ >> ____ OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > Davanum Srinivas :: https://twitter.com/dims > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu > ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and delete > this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Davanum Srinivas :: https://twitter.com/dims __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev