Hi all,

I would propose a solution to go a step further because using Geant it is impossible to do any business. For sustainability matters and to avoid what happened recently we should go for FIWARE Lab as a global portal hosting links to access local platforms. In this case we should not need delegation of IdM and just a local IdM to manage local accounts. To have a global view of what resources are consumed by FIWARE Lab is just a matter of dashboard and does not need IdM features. In addition, with this system, a local platform could easily provide a commercial offer, using the same local IdM, switching a trial user into a commercial user.

BR
Thierry

From: fiware-lab-recovery-tf-bounces at lists.fiware.org [mailto:fiware-lab-recovery-tf-bounces at lists.fiware.org] On behalf of Juanjo Hierro
Sent: Wednesday 20 May 2015 17:17
To: Federico Michele Facca; fiware-lab-rec.
Subject: Re: [Fiware-lab-recovery-tf] question from arian

Hi Federico,

I was aware of the issue, that's why I explained that my assumption was that not all the issues had been solved with the new IdM version.

In my opinion, this is one of the major points that should be tackled within FI-Core. Indeed trying to get the solution ready for the integration of new nodes in September (selected through the Open Call or deciding to join FIWARE Lab on their own).

Let's start the discussion during the coming weeks. Where do we want it to be tackled? Within the FI-Ops or the FIWARE Cloud chapter? Probably a good approach would be to kick off this in one of our Monday regular architects meetings we have just started and then follow up. Next Monday it was planned to discuss about dockers and stuff like this. I wonder whether we can collocate it there or call for a specific meeting. Suggestions?
Best regards,

-- Juanjo

On 20/05/15 15:36, Federico Michele Facca wrote:

dear juanjo,

my 2 cents on arian's question:

The problem mentioned by arian is not solved, since idm/keystone is a single central service not highly available in multiple locations beyond spain (such as the portal) - which does not reflect openstack usual architecture deployment for multi-region openstack. The default architecture for multi region keystone could not be applied since it requires to host user data outside spain.

CREATE-NET proposed a solution (which was having a single keystone per node) using delegation to authenticate users using oauth2 from the "main" keystone, the advantages of such solution would have been:

a - nodes don't fail when central keystone is not available.
b - nodes can support both local users and FIWARE Lab users making "entering in the game" for without funding much cheaper

the solution would require anyhow:

- requires some changes in portal
- requires some changes in blueprint engine

thus basically - even though developed and partially tested - it was not moved ahead.

alternative solutions may be based on saml, but i have the feeling this will get more complex for the portal and blueprints.

best,
federico

--
Future Internet is closer than you think! http://www.fiware.org
Official Mirantis partner for OpenStack Training https://www.create-net.org/community/openstack-training
--
Dr. Federico M. Facca
CREATE-NET
Via alla Cascata 56/D
38123 Povo Trento (Italy)
P +39 0461 312471
M +39 334 6049758
E federico.facca at create-net.org
T @chicco785
W www.create-net.org

--
Coordinator and Chief Architect, FIWARE platform
CTO Industrial IoT, Telefónica
email: juanjose.hierro at telefonica.com
twitter: @JuanjoHierro

You can follow FIWARE at:
website: http://www.fiware.org
twitter: @FIWARE
facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
linkedIn: http://www.linkedin.com/groups/FIWARE-4239932