On 05/09/2014 08:00 AM, Ageeleshwar Kandavelu wrote:
Hi,
Your first hop is keystone project. It is the openstack identity
management system. Try to get a picture of how the various other parts
of openstack interact with keystone for providing their service.
Second you should look into policy.json file. There is a policy.json
for every service under /etc/<service_name>. I have not used this so
far and can not offer any more information. Hope other openstack
developers throw up some.
Thank you,
Ageeleshwar K
------------------------------------------------------------------------
*From:* Priya Sharma [priya_sha...@persistent.co.in]
*Sent:* Friday, May 09, 2014 4:55 PM
*To:* 'd...@cloudstack.apache.org'; 'us...@cloudstack.apache.org';
openstack@lists.openstack.org
*Subject:* [Openstack] How to implement: Role based access control
using XACML and SAML over rest for cloud
Hi All,
I am pursuing MTech and my MTech project is "Role based access control
using XACML and SAML over rest for cloud".
I am familiar with Technologies/platform
·Role based access control
·XACML
·SAML
·Linux environment
But not aware how all this work in cloud. My aim is to implement the
role based access control for cloud ,my sole purpose is cloud security.
Herein I am attaching the architecture diagram, I initially came up with.
Any suggestion in thearchitect and how to implement role based access
control in cloud ,will be helpful.
Keystone does RBAC, but does not use SAML or XACML to implement it. Sorry.
We could, however, use your experince with those in expanding the RBAC
capabilities of Keystone. We are looking to use an XACLM-like system
for distributed policy, and are still in the design stages.
Thanks
Priya
DISCLAIMER ========== This e-mail may contain privileged and
confidential information which is the property of Persistent Systems
Ltd. It is intended only for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are
not authorized to read, retain, copy, print, distribute or use this
message. If you have received this communication in error, please
notify the sender and delete all copies of this message. Persistent
Systems Ltd. does not accept any liability for virus infected mails.
http://www.csscorp.com/common/email-disclaimer.php
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
