Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Slice manager authorization model proposal #3

Open
alfonsoegio opened this issue Oct 22, 2018 · 1 comment
Open

Slice manager authorization model proposal #3

alfonsoegio opened this issue Oct 22, 2018 · 1 comment

Comments

@alfonsoegio
Copy link
Member

First approach to authorization regarding ownership of different resources handled by slice-manager:

1 - If a user POSTs a compute (owner) this user is the one who can POST Openstack Projects over that compute giving access to another users

2 - Same as 1 applies for physical networks and Openstack VLANs.

3 - Once a Compute/Physical Network Owner gives access to resources to another user chunking them as Openstack Projects/Openstack VLANs, this user can now deploy network service instances on top of the slice from a network service (previously published in the OSM catalogue) freely as long as the system tracks which user is using which service belonging to the network service vendor (the one who registered it on slice-manager).

@papagap
Copy link

papagap commented Oct 22, 2018

I think 1 and 2 are quite clear (though still to be checked if easy to do with Gravity).
For 3, we might have to "translate" it to something directly related to the API, e.g.:
"POST network_service_instance is allowed if param X and param Y belong to the same user that tries to perform the POST" (which then has to be confirmed with a different API invocation..?).

Let's accompany these three rules -as agreed- with an example sequence of API calls (that should either fail or succeed). Or have you provided one already?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants