-Original Message-
From: sebgoa [mailto:run...@gmail.com]
Sent: Wednesday, January 22, 2014 12:41 AM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
On Jan 21, 2014, at 10:57 PM, Prachi Damle wrote:
> Min and myself would like
-Original Message-
From: Min Chen [mailto:min.c...@citrix.com]
Sent: Wednesday, January 22, 2014 10:16 AM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
Hi Rajani,
See my answers in line.
Thanks
On 1/22/14 6:29 AM
Hi Rajani,
See my answers in line.
Thanks
On 1/22/14 6:29 AM, "Rajani Karuturi" wrote:
>some questions I have:
>1. Do we need groups and policies? Cant we derive group information from
>policy applied? ie) any user can become domain admin if he is given the
>right policies.
[Min
Hi Koushik,
See my answers in line.
Thanks.
-min
On 1/22/14 12:30 AM, "Koushik Das" wrote:
>Some questions:
>
>- Is there a concept of generic permission (any action, any resource
>etc.)? There shouldn't be a need to define hundreds of explicit
>permissions for admin ac
some questions I have:
1. Do we need groups and policies? Cant we derive group information from policy
applied? ie) any user can become domain admin if he is given the right policies.
2. Can we restrict the permission to Resource Type's CRUD? permissions at api
level seems to be like too much of
On Jan 21, 2014, at 10:57 PM, Prachi Damle wrote:
> Min and myself would like to propose an identity and access management plugin
> for CloudStack for the ACS 4.4 release.
>
> Here is the functional spec we have drafted for the first phase:
> https://cwiki.apache.org/confluence/display/CLOUDST
Some questions:
- Is there a concept of generic permission (any action, any resource etc.)?
There shouldn't be a need to define hundreds of explicit permissions for admin
account.
- I think it would be good to have a notion of parent policy. This will avoid
duplication of permissions.
- Can you
-Original Message-
From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com]
Sent: Tuesday, January 21, 2014 4:27 PM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
Also not clear on how the dedicateXyZ problem is being solved in
Some answers inline.
Prachi
-Original Message-
From: Chiradeep Vittal [mailto:chiradeep.vit...@citrix.com]
Sent: Tuesday, January 21, 2014 4:20 PM
To: dev@cloudstack.apache.org
Subject: Re: [Proposal]CloudStack IAM plugin feature (CLOUDSTACK-5920)
SAML 2.0 is not precluded with this
Also not clear on how the dedicateXyZ problem is being solved in Phase1
(or not).
Can I (end user) create a VPC and allow user Bob to create VMs in my VPC?
On 1/21/14 4:20 PM, "Chiradeep Vittal" wrote:
>SAML 2.0 is not precluded with this design, it seems.
>I found the FS both confusing and illu
SAML 2.0 is not precluded with this design, it seems.
I found the FS both confusing and illuminating. I think what confuses me
is the interchange of 'acl', 'iam' and 'policy'.
Especially since ACL is used in the networking context.
IMO, renaming the tables and APIs to not use ACL but IAM would cla
On Tue, Jan 21, 2014 at 10:57 PM, Prachi Damle wrote:
> Min and myself would like to propose an identity and access management
> plugin for CloudStack for the ACS 4.4 release.
>
> Here is the functional spec we have drafted for the first phase:
>
> https://cwiki.apache.org/confluence/display/CLOUD
12 matches
Mail list logo