I could see service users and security / operations teams having a need to span many domains.
-Matt On Tue, Jul 17, 2012 at 11:24 PM, Tim Bell <tim.b...@cern.ch> wrote: > ** ** > > I thought that the v3 API supports domains as a group of tenants which > would make the question rather different.**** > > ** ** > > Thus, I guess the question is**** > > ** ** > > **A. **Should there be users in multiple tenants in a single domain ? > **** > > **B. **Should there be users in multiple domains ?**** > > ** ** > > There are clear use cases for A (such as researchers working on multiple > projects sharing project quotas)**** > > ** ** > > For B, it is less clear as if I am a domain administrator, I do not want > to be told that I cannot allocate user X since another domain has already > taken it. On the other hand, there is a clear architectural benefit from > having the concept of identity (and authentication) split off from roles > and projects.**** > > ** ** > > Tim**** > > ** ** > > *From:* openstack-bounces+tim.bell=cern...@lists.launchpad.net [mailto: > openstack-bounces+tim.bell=cern...@lists.launchpad.net] *On Behalf Of *John > Postlethwait > *Sent:* 18 July 2012 07:42 > *To:* Rouault, Jason (Cloud Services) > *Cc:* openstack@lists.launchpad.net > > *Subject:* Re: [Openstack] Identity API v3 - Why allow multi-tenant users? > **** > > ** ** > > Forcing a user to remember different usernames and/or passwords for each > project they are a part of, when it is possible they are part of N > projects, really isn't an acceptable option in my opinion.**** > > ** ** > > I believe that regardless of the engineering complexities, the end users > shouldn't have to feel pain in order to make engineering the solutions and > features they interact with easier. Software is for end users (in their > various forms) and as such we need to take that into account when we make > decisions. While no functionality is lost per se, there is a major end-user > impact, and that should be reason enough to implement it…**** > > ** ** > > ** ** > > John Postlethwait**** > > Nebula, Inc.**** > > 206-999-4492**** > > ** ** > > On Tuesday, July 17, 2012 at 4:15 PM, Rouault, Jason (Cloud Services) > wrote:**** > > One benefit is the user does not need to have multiple sets of credentials > to interact with multiple projects.**** > > **** > > Jason**** > > **** > > *From:* openstack-bounces+jason.rouault=hp....@lists.launchpad.net [ > mailto:openstack-bounces <openstack-bounces>+jason.rouault= > hp....@lists.launchpad.net] *On Behalf Of *Adam Young > *Sent:* Tuesday, July 17, 2012 11:55 AM > *To:* openstack@lists.launchpad.net > *Subject:* Re: [Openstack] Identity API v3 - Why allow multi-tenant users? > **** > > **** > > On 05/29/2012 01:18 PM, Caitlin Bestler wrote:**** > > One of the major complication I see in the API is that users can be > associated with multiple tenants.**** > > **** > > What is the benefit of this? What functionality would be lost if a human > user merely had to use a different account with each tenant?**** > > **** > > There are numerous issues with multi-tenant users. For example, if a user > is associated with multiple tenants, who resets the user’s password?**** > > **** > > > > **** > > _______________________________________________**** > > Mailing list: https://launchpad.net/~openstack**** > > Post to : openstack@lists.launchpad.net**** > > Unsubscribe : https://launchpad.net/~openstack**** > > More help : https://help.launchpad.net/ListHelp**** > > Did you ever get an answer? This has been discussed in depth.**** > > _______________________________________________**** > > Mailing list: https://launchpad.net/~openstack**** > > Post to : openstack@lists.launchpad.net**** > > Unsubscribe : https://launchpad.net/~openstack**** > > More help : https://help.launchpad.net/ListHelp**** > > ** ** > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack@lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
