I thought that the v3 API supports domains as a group of tenants which would 
make the question rather different.

 

Thus, I guess the question is

 

A.      Should there be users in multiple tenants in a single domain ?

B.      Should there be users in multiple domains ?

 

There are clear use cases for A (such as researchers working on multiple 
projects sharing project quotas)

 

For B, it is less clear as if I am a domain administrator, I do not want to be 
told that I cannot allocate user X since another domain has already taken it. 
On the other hand, there is a clear architectural benefit from having the 
concept of identity (and authentication) split off from roles and projects.

 

Tim

 

From: openstack-bounces+tim.bell=cern...@lists.launchpad.net 
[mailto:openstack-bounces+tim.bell=cern...@lists.launchpad.net] On Behalf Of 
John Postlethwait
Sent: 18 July 2012 07:42
To: Rouault, Jason (Cloud Services)
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Identity API v3 - Why allow multi-tenant users?

 

Forcing a user to remember different usernames and/or passwords for each 
project they are a part of, when it is possible they are part of N projects, 
really isn't an acceptable option in my opinion.

 

I believe that regardless of the engineering complexities, the end users 
shouldn't have to feel pain in order to make engineering the solutions and 
features they interact with easier. Software is for end users (in their various 
forms) and as such we need to take that into account when we make decisions. 
While no functionality is lost per se, there is a major end-user impact, and 
that should be reason enough to implement it…

 

 

John Postlethwait

Nebula, Inc.

206-999-4492

 

On Tuesday, July 17, 2012 at 4:15 PM, Rouault, Jason (Cloud Services) wrote:

One benefit is the user does not need to have multiple sets of credentials to 
interact with multiple projects.

 

Jason

 

From: openstack-bounces+jason.rouault=hp....@lists.launchpad.net 
[mailto:openstack-bounces+jason.rouault=hp....@lists.launchpad.net] On Behalf 
Of Adam Young
Sent: Tuesday, July 17, 2012 11:55 AM
To: openstack@lists.launchpad.net
Subject: Re: [Openstack] Identity API v3 - Why allow multi-tenant users?

 

On 05/29/2012 01:18 PM, Caitlin Bestler wrote:

One of the major complication I see in the API is that users can be associated 
with multiple tenants.

 

What is the benefit of this? What functionality would be lost if a human user 
merely had to use a different account with each tenant?

 

There are numerous issues with multi-tenant users. For example, if a user is 
associated with multiple tenants, who resets the user’s password?

 





_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Did you ever get an answer?  This has been discussed in depth.

_______________________________________________

Mailing list: https://launchpad.net/~openstack

Post to : openstack@lists.launchpad.net

Unsubscribe : https://launchpad.net/~openstack

More help : https://help.launchpad.net/ListHelp

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Reply via email to