cloudstack-users mailing list archives

From Alex Huang <Alex.Hu...@citrix.com>
Subject RE: really bad UI design
Date Wed, 15 Aug 2012 13:44:41 GMT
Alex,

Please keep us updated.  We probably should move this thread over to the dev list as well.

--Alex

> -----Original Message-----
> From: akarasulu@gmail.com [mailto:akarasulu@gmail.com] On Behalf Of
> Alex Karasulu
> Sent: Tuesday, August 14, 2012 5:33 AM
> To: cloudstack-users@incubator.apache.org
> Subject: Re: really bad UI design
> 
> On Thu, Aug 9, 2012 at 2:45 AM, Alex Huang <Alex.Huang@citrix.com> wrote:
> 
> > >
> > > To sum it up, let's say we need a fine grained Role Based Access Control
> > > (RBAC) model in CloudStack. Are we using anything specific now or is it just
> > > ad hoc code to handle the handful of cases that already exist?
> > >
> > Agreed ACL in CloudStack is limping.  We're looking to change that and
> > introduce a RBAC model in Campo release.
> >
> >
> Please excuse the late response. I am traveling and have little to no Internet
> connectivity. There are some APIs out there like OpenLDAP's Fortress but
> this binds you to OpenLDAP which is not an option IMO. It's really nice
> though because it adheres to the NIST role based access control model and
> supports directories where this information should really be managed.
> 
> There's Apache Shiro and Spring Security but I personally feel these APIs
> have become bloated and centered around JEE environments. I am looking
> for a simple core NIST role based access control model API that can be bound
> to any of these at deploy time. Something more in line with KISS principles
> without considering the environment yet can be used in any environment.
> 
> It does not take much to whip something like this out. This is one of my todo
> pet projects and I'll also keep an eye out on cloudstack needs to make sure
> it's applicable. Just making it a generalized role based access control model
> API should allow its application in all situations.
> 
> 
> > Is there any suggestion on what we should base this model on?  Any
> > existing systems we should take advantage of?
> >
> >
> I think I covered most of this above. However whatever is chosen it should
> comply with the NIST role based access control model. You cannot go wrong
> if you do this.
> 
> I'll start actively researching this over the next few weeks after I get back
> home, unless of course others beat me to it first.
> 
> --
> Best Regards,
> -- Alex
