Dear Pascal and members of the Security Chapter,

As you know, we had to come up with a temporary solution to the FI-WARE GE API Access Control issues that the UC projects are facing when trying to use FI-WARE GEs deployed on the FI-WARE Testbed. Such a temporary solution would be developed and deployed in parallel to the work planned in the Security chapter, which is responsible for designing a consolidated solution for the FI-WARE Second Release.

As agreed during the Security Chapter confcall where this matter was discussed, I took the responsibility to set up a team involving people from the FI-WARE Testbed team to try to come up with this temporary solution. Soon we found that we had to involve people from the team at UPM working on the development of the FI-WARE Cloud portal. This was because we found that the OpenStack Keystone component being used in the Cloud chapter would allow us to easily and rather quickly develop a solution that meets the following requirements:

* the solution should allow us to re-use FI-WARE Testbed user accounts as user accounts for the FI-WARE Cloud, which would ease the overall management of the FI-WARE Testbed.
* the solution should be implementable in two steps so as to bring a valid solution for both the very short term (end of October) and the mid-term (end of November), the latter one allowing us to put in place an OAuth 2.0-based controlled access to APIs provided by FI-WARE GEs deployed on the FI-WARE Testbed.

During the last two weeks, the above-mentioned team has worked hard on the matter so as to design a solution that is summarized in the presentation you can download from:

https://forge.fi-ware.eu/docman/view.php/7/1398/FI-WARE+Testbed+temporary+Identity+and+Access+Control+solution.pptx

One interesting aspect of the short/medium-term solution provided is that it would be delivered as Open Source (not only because the OpenStack Keystone solution already is open source but because the UPM team working on the Cloud Portal has agreed to deliver the new components they have to develop as open source).

I took the opportunity of sharing this design during the FI-PPP AB virtual meeting last week and the UC projects that were present confirmed it would work for them as a temporary solution.

I wanted to share the design of this temporary solution with you so as to:

* Find out whether you believe there is something already delivered by the Security Chapter in the first Release that it may be useful to integrate in the proposed solution (trying to be pragmatic here because we all have to be aware of the timing). I personally wondered whether it would be feasible to use any of the Identity Management GEs here. With the information available, it was difficult for us to find out what could be used in the design but we would be happy to hear any proposal we can evaluate.
* Plan the discussions on how we can migrate from the designed solution to the final one planned for the Second Release. My take on this is that we need to find out how the "Keystone" component in slides 7-9-11 could integrate with (or be replaced by) the Identity Management GE and how the "Keystone middleware" component could be replaced by the envisioned Access Control GE (this in case the Access Control GE is going to be compatible with the support of OAuth 2.0, otherwise we may keep the designed solution just to support OAuth 2.0-based controlled access to APIs).

Anyway this would be subject to analysis and the sooner we plan the meetings for discussing this, the better.

I would also like to propose having a dedicated confcall where we can present the designed solution to the Security Chapter team. We may even allocate a slot during the weekly meeting of the Security Chapter team (I believe you meet regularly on Fridays) if that is more suitable to you. Just let me know.

Your feedback comments, of course, are welcome.

Cheers,

-- Juanjo

-------------
Product Development and Innovation (PDI) - Telefonica Digital
website: www.tid.es
email: jhierro at tid.es
twitter: twitter.com/JuanjoHierro

FI-WARE (European Future Internet Core Platform) Chief Architect

You can follow FI-WARE at:
website: http://www.fi-ware.eu
facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
twitter: http://twitter.com/FIware
linkedIn: http://www.linkedin.com/groups/FIWARE-4239932