I don't see how one would give access to an entire organization at once. That was the purpose of returning multiple subjects from auth in the other proposal. If I want to give everyone in the "bar" organization in my instance, the check somehow has to be able to find out that bob is a member of "bar". Getting multiple subjects back from auth makes this easy because bob could be in a member of different subjects that would all be returned: [group:workers] [organization:bar] etc... And I can just say (organization:bar, can_halt, alice) is there a way to do this type of thing in this proposal?
Vish On Apr 4, 2011, at 1:19 PM, Sandy Walsh wrote: > Phew, ok, I've boiled down the various federated AuthZ discussions with eday, > vish & jorge. > > I've superseded the old blueprint since the bulk of the work is clearly in > the Federated AuthZ camp and not the AuthN camp. > > http://wiki.openstack.org/FederatedAuthZwithZones > > Shorter and more succinct. Should address many of the issues that have arisen > to date. > > -S > > > Confidentiality Notice: This e-mail message (including any attached or > embedded documents) is intended for the exclusive and confidential use of the > individual or entity to which this message is addressed, and unless otherwise > expressly indicated, is confidential and privileged information of Rackspace. > Any dissemination, distribution or copying of the enclosed material is > prohibited. > If you receive this transmission in error, please notify us immediately by > e-mail > at ab...@rackspace.com, and delete the original message. > Your cooperation is appreciated. > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp