Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-09 Thread Dan Wendlandt
d a separate blueprint? Dan > > > ** ** > > Regards, > > Salvatore > > ** ** > > *From:* netstack-bounces+salvatore.orlando= > eu.citrix@lists.launchpad.net [mailto: > netstack-bounces+salvatore.orlando=eu.citrix@lists.launchpad.net] *

Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-09 Thread Salvatore Orlando
ore Orlando Sent: 03 August 2011 23:34 To: Sumit Naiksatam (snaiksat); netstack@lists.launchpad.net Subject: Re: [Netstack] Tackling authN/authZ for Diablo-4 Hi Sumit, I used the terms "tenant" and "user" according to their definition for Keystone. Tenant: A container used to gr

Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-03 Thread Salvatore Orlando
et Subject: RE: [Netstack] Tackling authN/authZ for Diablo-4 Thanks Salv for spelling out the deliverables on this topic. On the point of the "simplified mode", I wasn't very clear on what you meant by "Although in theory several users can be defined for a tenant, we will assume t

Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-03 Thread Sumit Naiksatam (snaiksat)
which you mention is not in scope for Diablo. Thanks, ~Sumit. From: netstack-bounces+snaiksat=cisco@lists.launchpad.net [mailto:netstack-bounces+snaiksat=cisco@lists.launchpad.net] On Behalf Of Salvatore Orlando Sent: Wednesday, August 03, 2011 7:22 AM To: netstack@lists.launchpad.net

Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-03 Thread Mark T. Voelker
Salvatore, This sounds good to me; thanks for the writeup! I think the simplified model is a good first target for Diablo. > o This can be handled with an authZ middleware which will precede > the API app in the wsgi pipeline. Even if it could be handled within > the API layer, I reckon it wil

Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-03 Thread Salvatore Orlando
Thanks Dan. I'll take care of updating the blueprint. Salvatore From: Dan Wendlandt [mailto:d...@nicira.com] Sent: 03 August 2011 16:13 To: Salvatore Orlando Cc: netstack@lists.launchpad.net Subject: Re: [Netstack] Tackling authN/authZ for Diablo-4 Hi Salvatore, great summary o

Re: [Netstack] Tackling authN/authZ for Diablo-4

2011-08-03 Thread Dan Wendlandt
Hi Salvatore, great summary of our discussions. I'm definitely in favor of focusing on this "basic" auth model for the Diablo timeframe. Definitely agree that this will use Keystone, but as you mention, this basic use of keystone should be essentially plug-n-play. You and I will coordinate on co

[Netstack] Tackling authN/authZ for Diablo-4

2011-08-03 Thread Salvatore Orlando
Hi, During yesterday's meeting we agreed that we needed to have some form of authentication and authorization in Quantum for Diablo. We also agreed we will be doing Keystone integration (please correct me if I'm wrong). I think we can safely say what we will NOT deliver for Diablo: * F