[Fiware-lab-recovery-tf] question from arian

thierry.nagellen at orange.com thierry.nagellen at orange.com
Thu May 21 13:20:04 CEST 2015


Hi all

Honestly, to have a delegation of rights for commercial accounts that stakeholders could sell and linked to their own billing system makes no sense. Legal implications are very touchy. The main idea is also to come back to a situation where any change will have less impact and could be tested/evaluated node per node.

It is a bank holiday in France on Monday but I can manage to be on the phone for this issue. I agree that we first have to define the model we could implement before going into procedures.

BR
Thierry

From: fiware-lab-recovery-tf-bounces at lists.fiware.org [mailto:fiware-lab-recovery-tf-bounces at lists.fiware.org] On behalf of FERNANDO LOPEZ AGUILAR
Sent: Thursday 21 May 2015 12:19
To: Joaquín Salvachúa; Federico Michele Facca
Cc: alessandro; fiware-lab-rec.
Subject: Re: [Fiware-lab-recovery-tf] question from arian

Like Joaquín says,

I see the legal implications of all this stuff as more important. It is not a technical problem, but we have to keep all the legal decisions. I mean, I need almost 2 weeks to complete a little thing about the publication of the users' emails to all the infrastructure owners. I do not want to think about the procedure that we should do now.

Regarding the 25th, I am not available; I will be travelling to Vienna. I will inform Henar so that she can attend that audio for me. But she does not cover all the aspects of the problem.

Fernando

From: Joaquin Salvachua <jsalvachua at dit.upm.es>
Date: Thursday 21 May 2015 12:10
To: Federico Michele Facca <federico.facca at create-net.org>
CC: alessandro <alessandro.martellone at create-net.org>, "fiware-lab-rec." <fiware-lab-recovery-tf at lists.fiware.org>
Subject: Re: [Fiware-lab-recovery-tf] question from arian

Hello,

I think that we should first define what model we want to have (I agree that having local accounts breaks the model I have in mind, but perhaps there are some use cases for it).
Later we will see how we can implement a federation solution that is efficient and keeps the legal aspects for the databases.

I think we should not mix both aspects.

Best Regards

Joaquín

On 21/5/2015, at 11:56, Federico Michele Facca <federico.facca at create-net.org> wrote:

hi,
if we go for just local accounts, we break the concept of FIWARE ecosystem and single point of entry. so, from my side that's not the way to go. take into account that oauth delegation or saml federation WILL enable the commercial usage (each node, beyond the federated users, may have its local users and tools).

I am more in favour of a solution that supports both modalities (that could be based on oauth delegation or saml federation, I don't really care). FIWARE Ops chapter may work on these aspects for the keystone side (we can consider this indeed an "operation" issue), but I am afraid this will not be enough since also portal and other "global" services may be affected and this will require work from Cloud chapter guys.

currently there is SAML federation work in the OpenStack community. but we need to investigate how this aligns with current oauth based keystone.

i will be out for three weeks, so i would not be able to kick off such action before end of june. anyhow, alessandro is the chapter leader (and architect) so he can coordinate this discussion with the cloud chapter.

best,
federico

On Thu, May 21, 2015 at 11:09 AM, stefano de panfilis <stefano.depanfilis at eng.it> wrote:
dear thierry,

not sure your approach preserves the distributed nature of fiware lab which is guaranteed by the federation concept.

as you know, at the moment a user can have different vms in different nodes (actually i do have). the approach you are proposing seems, maybe i'm wrong, to make this more complicated. i think this is a value we cannot lose as it is still a differentiator fiware has and not possessed by other platforms.

so we have to find a solution which shares the idm, but also keeps the federation notion fully implemented.
as juanjo was suggesting, i agree a dedicated task, most likely to me in fi-ops, should be created. i even think that fi-ops should be a fiware chapter, i mean not the operations themselves, but the implementation of the federation technologies.

ciao,
stefano



2015-05-21 10:41 GMT+02:00 <thierry.nagellen at orange.com>:
Hi all,

I would propose a solution to go a step further because using Geant it is impossible to do any business. For sustainability matters and to avoid what happened recently we should go for FIWARE Lab as a global portal hosting links to access local platforms. In this case we should not need delegation of IdM and just a local IdM to manage local accounts.

To have a global view of what resources are consumed by FIWARE Lab is just a matter of dashboard and does not need IdM features.

In addition, with this system, a local platform could easily provide a commercial offer, using the same local IdM, switching a trial user into a commercial user.

BR
Thierry

From: fiware-lab-recovery-tf-bounces at lists.fiware.org [mailto:fiware-lab-recovery-tf-bounces at lists.fiware.org] On behalf of Juanjo Hierro
Sent: Wednesday 20 May 2015 17:17
To: Federico Michele Facca; fiware-lab-rec.
Subject: Re: [Fiware-lab-recovery-tf] question from arian

Hi Federico,

  I was aware of the issue, that's why I explained that my assumption was that not all the issues had been solved with the new IdM version.

  In my opinion, this is one of the major points that should be tackled within FI-Core. Indeed trying to get the solution ready for the integration of new nodes in September (selected through the Open Call or deciding to join FIWARE Lab on their own).

  Let's start the discussion during the coming weeks. Where do we want it to be tackled? Within the FI-Ops or the FIWARE Cloud chapter? Probably a good approach would be to kick off this in one of the regular Monday architects meetings we have just started and then follow up. Next Monday it was planned to discuss dockers and stuff like this. I wonder whether we can collocate it there or call for a specific meeting. Suggestions?

  Best regards,

-- Juanjo
On 20/05/15 15:36, Federico Michele Facca wrote:
dear juanjo,
my 2 cents on arian's question:

The problem mentioned by arian is not solved, since idm/keystone is a single central service not highly available in multiple locations beyond spain (such as the portal) - which does not reflect openstack's usual architecture deployment for multi-region openstack. The default architecture for multi region keystone could not be applied since it requires hosting user data outside spain.

CREATE-NET proposed a solution (which was having a single keystone per node) using delegation to authenticate users using oauth2 from the "main" keystone, the advantages of such solution would have been:
   a - nodes don't fail when central keystone is not available.
   b - nodes can support both local users and FIWARE Lab users making "entering in the game" for without funding much cheaper

the solution would anyhow require:
   - some changes in portal
   - some changes in blueprint engine

thus basically - even though developed and partially tested - it was not moved ahead.

alternative solutions may be based on saml, but i have the feeling this will get more complex for the portal and blueprints.

best,
federico


--
Future Internet is closer than you think!
http://www.fiware.org

Official Mirantis partner for OpenStack Training
https://www.create-net.org/community/openstack-training

--
Dr. Federico M. Facca

CREATE-NET
Via alla Cascata 56/D
38123 Povo Trento (Italy)

P  +39 0461 312471
M  +39 334 6049758
E  federico.facca at create-net.org
T  @chicco785
W  www.create-net.org


--
Coordinator and Chief Architect, FIWARE platform
CTO Industrial IoT, Telefónica

email: juanjose.hierro at telefonica.com
twitter: @JuanjoHierro

You can follow FIWARE at:
  website:  http://www.fiware.org
  twitter:  @FIWARE
  facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
  linkedIn: http://www.linkedin.com/groups/FIWARE-4239932

________________________________

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

_________________________________________________________________________________________________________________________



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.

_______________________________________________
Fiware-lab-recovery-tf mailing list
Fiware-lab-recovery-tf at lists.fiware.org
https://lists.fiware.org/listinfo/fiware-lab-recovery-tf



--
Stefano De Panfilis
Chief Innovation Officer
Engineering Ingegneria Informatica S.p.A.
via Riccardo Morandi 32
00148 Roma
Italy

tel (direct): +39-06-8759-4253
tel (secr.): +39-068307-4513
fax: +39-068307-4200
cell: +39-335-7542-567
skype: depa01
twitter: @depa01



