[Fiware-lab-recovery-tf] question from arian

Federico Michele Facca federico.facca at create-net.org
Thu May 21 12:06:07 CEST 2015
Previous message: [Fiware-lab-recovery-tf] question from arian
Next message: [Fiware-lab-recovery-tf] question from arian
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
i can't, but as said, alessandro as FIWARE Ops chapter architect will be in
the call.

On Thu, May 21, 2015 at 12:04 PM, Juanjo Hierro <
juanjose.hierro at telefonica.com> wrote:

>  Gentlement,
>
>   I would like to call for a discussion on this matter in next architect
> sesssion, Monday May 25th.
>
>   Please confirm whether you would be available and then we try to come
> with an action plan to drive progress in the coming montsh.
>
>   Best regards,
>
> -- Juanjo
>
>
> On 21/05/15 11:56, Federico Michele Facca wrote:
>
> hi,
> if we go for just local accounts, we break the concept of FIWARE ecosystem
> and single point of entry. so, from side that's not the way to go. keep
> into account that oauth delegation or saml federation WILL enable the
> commercial usage (each node, beyond the federated users - may have its
> local users and tools).
>
>  I am more in favour of a solution that support both modalities (that
> could be based on oauth delegation or saml federation, I don't really
> care). FIWARE Ops chapter may work on this aspects for the keystone side
> (we can consider this indeed a "operation" issue), but I am afraid this
> will not be enough since also portal and other "global" services may be
> affected and this will require work from Cloud chapter guys.
>
>  currently there is a SAML federation work in the OpenStack community.
> but we need to investigate how this align with current oauth based keystone.
>
>  i will be out for three weeks, so i would not be able to kick off such
> action before end of june. anyhow, alessandro is the chapter leader (and
> architect) so he can coordinate this discussion with the cloud chapter.
>
>  best,
> federico
>
> On Thu, May 21, 2015 at 11:09 AM, stefano de panfilis <
> stefano.depanfilis at eng.it> wrote:
>
>> dear thierry,
>>
>>  not sure your approach preserves the distributed nature of fiware lab
>> which is guaranteed by the federation concept.
>>
>>  as you know at the moment a user can have different vms in different
>> nodes (actually i do have) the approach you are proposing seems, may be i'm
>> wrong, making this more complicated. i think this is a value we cannot
>> loose as it is still a differentiator fiware has and not possesd by other
>> platforms.
>>
>>  so we have to find a solution which shares the idm, but also keeps the
>> federation notion fully implemented.
>>  as juanjo was suggesting i agree a dedicate task, most likely to me in
>> fi-ops, should be created. i even think that fi-ops should be a fiware
>> chapter, i mean not the operations themesleves, but the implementation of
>> the federation technologies.
>>
>>  ciao,
>> stefano
>>
>>  ciao,
>> stefano
>>
>>
>>  2015-05-21 10:41 GMT+02:00 <thierry.nagellen at orange.com>:
>>
>>>   Hi all,
>>>
>>>
>>>
>>> I would propose a solution to go a step further because using Geant it
>>> is impossible to do any business. For sustainability matter and to avoid
>>> what happened recently we should go for FIWARE Lab has a global portal
>>> hosting links to access local platforms. In this case we should not need
>>> delegation of IdM and just a local IdM to manage local accounts.
>>>
>>>
>>>
>>> To have a global view of what are resources consumed by FIWARE Lab is
>>> just a matter of dashboard and does not need IdM features.
>>>
>>>
>>>
>>> In addition, with this system, a local platform could easily provide a
>>> commercial offer, using the same local IdM, switching a trial user into a
>>> commercial user.
>>>
>>>
>>>
>>> BR
>>>
>>> Thierry
>>>
>>>
>>>
>>> *De :* fiware-lab-recovery-tf-bounces at lists.fiware.org [mailto:
>>> fiware-lab-recovery-tf-bounces at lists.fiware.org] *De la part de* Juanjo
>>> Hierro
>>> *Envoyé :* mercredi 20 mai 2015 17:17
>>> *À :* Federico Michele Facca; fiware-lab-rec.
>>> *Objet :* Re: [Fiware-lab-recovery-tf] question from arian
>>>
>>>
>>>
>>> Hi Federico,
>>>
>>>   I was aware about the issue, that's why I explained that my assumption
>>> was that not all the issues had been solved with the new IdM version.
>>>
>>>   In my opinion, this is one of the major points that should be tackled
>>> within FI-Core.   Indeed trying to get the solution ready for the
>>> integration of new nodes in September (selected through the Open Call or
>>> deciding to join FIWARE Lab on their own).
>>>
>>>   Let's start the discussion during the coming weeks.   Where do we want
>>> it to be tackled?  Within the FI-Ops the or the FIWARE Cloud chapter?
>>> Probably a good approach would be to kick-off this in one of our monday
>>> regular architects meeting we have just started and then follow up.    Next
>>> Monday it was planned to discuss about dockers and stuff like this.   I
>>> wonder whether we can collocate it there or call for a specif meeting.
>>> Suggestions?
>>>
>>>   Best regards,
>>>
>>> -- Juanjo
>>>
>>> On 20/05/15 15:36, Federico Michele Facca wrote:
>>>
>>>  dear juanjo,
>>>
>>> my 2 cents on arian's question:
>>>
>>>
>>>
>>> The problem mentioned by arian is not solved, since idm/keystone is a
>>> single central service not high available in multiple locations beyond
>>> spain (such as the portal) - which does not reflect openstack usual
>>> architecture deployment for multi-region openstack. The default
>>> architecture for multi region keystone could not be applied since it
>>> requires to host user data outside spain.
>>>
>>>
>>>
>>> CREATE-NET proposed a solution (which was having a single keystone per
>>> node) using delegation to authenticate users using oauth2 from the "main"
>>> keystone, the advantages of such solution would have been:
>>>
>>>    a - nodes don't fail when central keystone is not available.
>>>
>>>    b - nodes can support both local users and FIWARE Lab users making
>>> "entering in the game" for without funding much cheaper
>>>
>>>
>>>
>>> the solution would require anyhow:
>>>
>>>    - requires some changes in portal
>>>
>>>    - requires some changes in blueprint engine
>>>
>>>
>>>
>>> thus basically - eventhough developed and partially tested - it was not
>>> moved ahead.
>>>
>>>
>>>
>>> alternative solutions may be based on saml, but i have the feeling this
>>> will get more complex for the portal and blueprints.
>>>
>>>
>>>
>>> best,
>>>
>>> federico
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> --
>>> Future Internet is closer than you think!
>>> http://www.fiware.org
>>>
>>> Official Mirantis partner for OpenStack Training
>>> https://www.create-net.org/community/openstack-training
>>>
>>> --
>>> Dr. Federico M. Facca
>>>
>>> CREATE-NET
>>> Via alla Cascata 56/D
>>> 38123 Povo Trento (Italy)
>>>
>>> P  +39 0461 312471
>>> M +39 334 6049758
>>> E  federico.facca at create-net.org
>>> T @chicco785
>>> W  www.create-net.org
>>>
>>>
>>>
>>>  --
>>>
>>>
>>>
>>> ______________________________________________________
>>>
>>>
>>>
>>> Coordinator and Chief Architect, FIWARE platform
>>>
>>> CTO Industrial IoT, Telefónica
>>>
>>>
>>>
>>> email: juanjose.hierro at telefonica.com
>>>
>>> twitter: @JuanjoHierro
>>>
>>>
>>>
>>> You can follow FIWARE at:
>>>
>>>   website:  http://www.fiware.org
>>>
>>>   twitter:  @FIWARE
>>>
>>>   facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
>>>
>>>   linkedIn: http://www.linkedin.com/groups/FIWARE-4239932
>>>
>>>
>>>  ------------------------------
>>>
>>>
>>> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
>>> puede contener información privilegiada o confidencial y es para uso
>>> exclusivo de la persona o entidad de destino. Si no es usted. el
>>> destinatario indicado, queda notificado de que la lectura, utilización,
>>> divulgación y/o copia sin autorización puede estar prohibida en virtud de
>>> la legislación vigente. Si ha recibido este mensaje por error, le rogamos
>>> que nos lo comunique inmediatamente por esta misma vía y proceda a su
>>> destrucción.
>>>
>>> The information contained in this transmission is privileged and
>>> confidential information intended only for the use of the individual or
>>> entity named above. If the reader of this message is not the intended
>>> recipient, you are hereby notified that any dissemination, distribution or
>>> copying of this communication is strictly prohibited. If you have received
>>> this transmission in error, do not read it. Please immediately reply to the
>>> sender that you have received this communication in error and then delete
>>> it.
>>>
>>> Esta mensagem e seus anexos se dirigem exclusivamente ao seu
>>> destinatário, pode conter informação privilegiada ou confidencial e é para
>>> uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o
>>> destinatário indicado, fica notificado de que a leitura, utilização,
>>> divulgação e/ou cópia sem autorização pode estar proibida em virtude da
>>> legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos
>>> o comunique imediatamente por esta mesma via e proceda a sua destruição
>>>
>>> _________________________________________________________________________________________________________________________
>>>
>>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>>> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>>>
>>> This message and its attachments may contain confidential or privileged information that may be protected by law;
>>> they should not be distributed, used or copied without authorisation.
>>> If you have received this email in error, please notify the sender and delete this message and its attachments.
>>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>>> Thank you.
>>>
>>>
>>>  _______________________________________________
>>> Fiware-lab-recovery-tf mailing list
>>> Fiware-lab-recovery-tf at lists.fiware.org
>>> https://lists.fiware.org/listinfo/fiware-lab-recovery-tf
>>>
>>>
>>
>>
>>  --
>>   Stefano De Panfilis
>> Chief Innovation Officer
>> Engineering Ingegneria Informatica S.p.A.
>> via Riccardo Morandi 32
>> 00148 Roma
>> Italy
>>
>> tel (direct): +39-06-8759-4253
>> tel (secr.): +39-068307-4513
>> fax: +39-068307-4200
>> cell: +39-335-7542-567
>> skype: depa01
>> twitter: @depa01
>>
>>
>
>
>  --
>    --
> Future Internet is closer than you think!
> http://www.fiware.org
>
> Official Mirantis partner for OpenStack Training
> https://www.create-net.org/community/openstack-training
>
> --
> Dr. Federico M. Facca
>
> CREATE-NET
> Via alla Cascata 56/D
> 38123 Povo Trento (Italy)
>
> P  +39 0461 312471
> M +39 334 6049758
> E  federico.facca at create-net.org
> T @chicco785
> W  www.create-net.org
>
>
> --
>
> ______________________________________________________
>
> Coordinator and Chief Architect, FIWARE platform
> CTO Industrial IoT, Telefónica
>
> email: juanjose.hierro at telefonica.com
> twitter: @JuanjoHierro
>
> You can follow FIWARE at:
>   website:  http://www.fiware.org
>   twitter:  @FIWARE
>   facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
>   linkedIn: http://www.linkedin.com/groups/FIWARE-4239932
>
>
> ------------------------------
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
> puede contener información privilegiada o confidencial y es para uso
> exclusivo de la persona o entidad de destino. Si no es usted. el
> destinatario indicado, queda notificado de que la lectura, utilización,
> divulgación y/o copia sin autorización puede estar prohibida en virtud de
> la legislación vigente. Si ha recibido este mensaje por error, le rogamos
> que nos lo comunique inmediatamente por esta misma vía y proceda a su
> destrucción.
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário,
> pode conter informação privilegiada ou confidencial e é para uso exclusivo
> da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário
> indicado, fica notificado de que a leitura, utilização, divulgação e/ou
> cópia sem autorização pode estar proibida em virtude da legislação vigente.
> Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique
> imediatamente por esta mesma via e proceda a sua destruição
>



-- 
--
Future Internet is closer than you think!
http://www.fiware.org

Official Mirantis partner for OpenStack Training
https://www.create-net.org/community/openstack-training

-- 
Dr. Federico M. Facca

CREATE-NET
Via alla Cascata 56/D
38123 Povo Trento (Italy)

P  +39 0461 312471
M +39 334 6049758
E  federico.facca at create-net.org
T @chicco785
W  www.create-net.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-lab-recovery-tf/attachments/20150521/b018ab18/attachment.html>
Previous message: [Fiware-lab-recovery-tf] question from arian
Next message: [Fiware-lab-recovery-tf] question from arian
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Fiware-lab-recovery-tf mailing list
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy