[Fiware-security] Temporary solution designed for the FI-WARE Testbed regarding Controlled Access to FI-WARE GE APIs

Juanjo Hierro jhierro at tid.es
Thu Oct 25 10:21:44 CEST 2012


Hi Pascal,

  Yes, I can confirm attendance to this confcall.   People from the UPM (in charge of the Cloud Portal and involved in the development of the short/medium term solution) will also participate.

  What bridge should we use?   I can offer the powwownow we use for the joint WPLs/WPAs follow-up confcalls, which allows local dial numbers if that helps.   We would definitely need local dial-in numbers.

  Cheers,

-- Juanjo


-------------
Product Development and Innovation (PDI) - Telefonica Digital
website: http://www.tid.es
email: jhierro at tid.es
twitter: twitter.com/JuanjoHierro

FI-WARE (European Future Internet Core Platform) Chief Architect

You can follow FI-WARE at:
  website:  http://www.fi-ware.eu
  facebook: http://www.facebook.com/pages/FI-WARE/251366491587242
  twitter:  http://twitter.com/FIware
  linkedIn: http://www.linkedin.com/groups/FIWARE-4239932


On 24/10/12 17:10, BISSON Pascal wrote:
Dear Juanjo,

Thanks for your email. In response I'd like to invite you to an audio conference where we could discuss with you the solution you are proposing hereafter for the short term.

This audio conference will take place this Friday from 10am to 11am (our Weekly audio conf at Security Chapter level would start at 11am exceptionally).

Please confirm your participation (hoping you could or would take necessary steps to make it - we are proposing this week simply because some of the requested participants would be off next week due to some bank holidays in countries).

As for the rest and in terms of participants from our side there would be the following ones:

WPL/WPA - Me and Daniel
IdM GE owners Robert (NSN) and Wolfgang (DT)
Access control GE (under definition and to be released for V2) owner Cyril / Benoit (THA/TS) and Richard (THA/TRT-UK)
(must add to this that Thales participants to this call would also have expertise in OpenStack Keystone, which can only help in our discussions).

Hearing from you.

Best Regards,
Pascal

PS: We will provide details to join and the webex facility offered by NSN as soon as you confirm your participation

From: Juanjo Hierro [mailto:jhierro at tid.es]
Sent: Monday, 22 October 2012 06:41
To: BISSON Pascal; GIDOIN Daniel
Cc: Fiware-security at lists.fi-ware.eu; jhierro >> "Juan J. Hierro"
Subject: Temporary solution designed for the FI-WARE Testbed regarding Controlled Access to FI-WARE GE APIs

Dear Pascal and members of the Security Chapter,

  As you know, we had to come up with a temporary solution to the FI-WARE GE API Access Control issues that the UC projects are facing when trying to use FI-WARE GEs deployed on the FI-WARE Testbed.   Such a temporary solution would be developed and deployed in parallel to the work planned in the Security chapter, which is responsible for designing a consolidated solution for the FI-WARE Second Release.

  As agreed during the Security Chapter confcall where this matter was discussed, I took the responsibility to set up a team involving people from the FI-WARE Testbed team trying to come up with this temporary solution.   Soon we found that we had to involve people from the team at UPM working on the development of the FI-WARE Cloud portal.   This was because we found that the OpenStack Keystone component being used in the Cloud chapter would allow us to easily and rather quickly develop a solution that meets the following requirements:

  *   the solution should allow us to re-use FI-WARE Testbed user accounts as user accounts for the FI-WARE Cloud, which would ease the overall management of the FI-WARE Testbed.
  *   the solution should be implementable in two steps as to bring a valid solution for both the very short term (end of October) and the mid-term (end of November) the latter one allowing us to put in place an OAuth 2.0-based controlled access to APIs provided by FI-WARE GEs deployed on the FI-WARE Testbed.

  During the last two weeks, the above mentioned team has worked hard on the matter as to design a solution that is summarized in the presentation you can download from:
https://forge.fi-ware.eu/docman/view.php/7/1398/FI-WARE+Testbed+temporary+Identity+and+Access+Control+solution.pptx

  One interesting aspect of the short/medium-term solution provided is that it would be delivered as Open Source (not only because OpenStack Keystone solution already is open source but because the UPM team working in the Cloud Portal has agreed to deliver the new components they have to develop as open source).

  I took the opportunity of sharing this design during the FI-PPP AB virtual meeting last week and the UC projects that were present confirmed it would work for them as a temporary solution.

  I wanted to share the design of this temporary solution with you as to:

  *   Find out whether you believe there is something already delivered by the Security Chapter in the first Release that it may be useful to integrate in the proposed solution (trying to be pragmatic here because we all have to be aware about the timing).   I personally wondered whether it would be feasible to use any of the Identity Management GEs here.   With the information available, it was difficult for us to find out what could be used in the design but we would be happy to hear any proposal we can evaluate.
  *   Plan the discussions on how we can migrate from the designed solution to the final one planned for the Second Release.   My take on this is that we need to find out how the "Keystone" component in slides 7-9-11 could integrate with (or be replaced by) the Identity Management GE and how the "Keystone middleware" component could be replaced by the envisioned Access Control GE (this in case that the Access Control GE is going to be compatible with the support of OAuth 2.0, otherwise we may keep the designed solution just to support OAuth 2.0-based controlled access to APIs).   Anyway this would be subject to analysis and the sooner we plan the meetings for discussing this, the better.

  I would also like to propose having a dedicated confcall where we can present the designed solution to the Security Chapter team.   We may even allocate a slot during the weekly meeting of the Security Chapter team (I believe you meet regularly on Fridays) if that is more suitable to you.   Just let me know.

  Your feedback comments, of course, are welcome.

  Cheers,



-- Juanjo




________________________________

This message is intended exclusively for its addressee. You can consult our policy on sending and receiving e-mail at the link below.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx

