cloudstack-users mailing list archives

From Alex Karasulu <akaras...@apache.org>
Subject Re: really bad UI design
Date Tue, 14 Aug 2012 12:33:01 GMT
On Thu, Aug 9, 2012 at 2:45 AM, Alex Huang <Alex.Huang@citrix.com> wrote:

> >
> > To sum it up, let's say we need a fine grained Role Based Access Control
> > (RBAC) model in CloudStack. Are we using anything specific now or is it just
> > ad hoc code to handle the handful of cases that already exist?
> >
> Agreed ACL in CloudStack is limping.  We're looking to change that and
> introduce a RBAC model in Campo release.
>
>
Please excuse the late response. I am traveling and have little to no
Internet connectivity. There are some APIs out there like OpenLDAP's
Fortress but this binds you to OpenLDAP which is not an option IMO. It's
really nice though because it adheres to the NIST role based access control
model and supports directories where this information should really be
managed.

There's Apache Shiro and Spring Security but I personally feel these APIs
have become bloated and centered around JEE environments. I am looking for
a simple core NIST role based access control model API that can be bound to
any of these at deploy time. Something more in line with KISS principles
without considering the environment yet can be used in any environment.

It does not take much to whip something like this out. This is one of my
todo pet projects and I'll also keep an eye out on CloudStack needs to make
sure it's applicable. Just making it a generalized role based access
control model API should allow its application in all situations.


> Is there any suggestion on what we should base this model with?  Any
> existing systems we should take advantage of?
>
>
I think I covered most of this above. However whatever is chosen it should
comply with the NIST role based access control model. You cannot go wrong
if you do this.

I'll start actively researching this over the next few weeks after I get
back home, unless of course others beat me to it first.

-- 
Best Regards,
-- Alex
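
Added example, not part of the original message and not code from CloudStack, Fortress, Shiro or Spring Security: a minimal sketch of the core NIST RBAC elements (user assignment, permission assignment, sessions with active roles) behind a store interface that a backend could implement at deploy time. All type and method names (RbacStore, Session, checkAccess and so on) are hypothetical, and the users, roles and permissions are constructed sample data.

```java
import java.util.*;

// Hypothetical names throughout; an illustration of NIST core RBAC, not an existing library.
public class CoreRbacDemo {
    /** A permission is an operation on an object, as in the NIST model. */
    record Permission(String operation, String object) {}

    /** Backend boundary: a directory, SQL or in-memory store is bound at deploy time. */
    interface RbacStore {
        Set<String> rolesAssignedTo(String user);          // user assignment (UA)
        Set<Permission> permissionsGrantedTo(String role); // permission assignment (PA)
    }

    /** A session activates a subset of the roles assigned to its user. */
    static final class Session {
        private final RbacStore store;
        private final String user;
        private final Set<String> activeRoles = new HashSet<>();

        Session(RbacStore store, String user) { this.store = store; this.user = user; }

        void addActiveRole(String role) {
            // Only roles present in the user assignment may be activated.
            if (!store.rolesAssignedTo(user).contains(role))
                throw new SecurityException(user + " is not assigned role " + role);
            activeRoles.add(role);
        }
        void dropActiveRole(String role) { activeRoles.remove(role); }

        /** Default deny: access requires an active role that holds the permission. */
        boolean checkAccess(String operation, String object) {
            Permission wanted = new Permission(operation, object);
            return activeRoles.stream()
                    .anyMatch(r -> store.permissionsGrantedTo(r).contains(wanted));
        }
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for a real backend.
        Map<String, Set<String>> ua = Map.of("alice", Set.of("operator", "auditor"));
        Map<String, Set<Permission>> pa = Map.of(
                "operator", Set.of(new Permission("start", "vm")),
                "auditor", Set.of(new Permission("read", "eventlog")));
        RbacStore store = new RbacStore() {
            public Set<String> rolesAssignedTo(String u) { return ua.getOrDefault(u, Set.of()); }
            public Set<Permission> permissionsGrantedTo(String r) { return pa.getOrDefault(r, Set.of()); }
        };
        Session s = new Session(store, "alice");
        s.addActiveRole("auditor");
        System.out.println(s.checkAccess("read", "eventlog"));
        System.out.println(s.checkAccess("start", "vm")); // role assigned but not active
        s.addActiveRole("operator");
        System.out.println(s.checkAccess("start", "vm"));
    }
}
```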
