On Fri, Mar 04, 2011 at 09:46:16AM -0500, Jay Pipes wrote: > Are you proposing that an entity always be the owner of something?
I'm proposing every resources has an owner. > If so, I dislike using the term "entity", since entity does not imply > ownership. I'd prefer "owner" or "account", since the latter implies > control over something. Entity connotes neither ownership nor control. Sure, and I think with other discussions we've moved back to 'account'. I just needed to use something different to not confuse with swift 'accounts' in case we wanted something different. > I'd like to get the semantics around these terms correct. We've > already run into numerous issues with the term "metadata" and I really > don't feel like introducing another source of confusion in both the > documentation and the code comments. We'll have accounts. You can be authenticated as a certain account, all resources are owned by one account, and resources/accounts can provide ACLs/roles to other accounts. This means for your deployment an account can be a user, project, /etc/group, dog, cat, etc. It's up to the IDM to map whatever you're using into accounts for OpenStack services, and the authz system to manage relationships between those accounts. -Eric _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
