
The challenge is the ownership information. To put it simply: OCCI may lack authz but I think it cannot lack ownership information. That is, it must handle identity information during resource creation. I didn't have time to read through authentication, yet. So my question is: Does OCCI receive identity information on resource creation?

Reason:

(1) Authorization relies on ownership information (besides others), it must link cloud resources and users. Without the knowledge of ownership no authz could ever work.

(2) Question: who will record ownership information? If OCCI does this I have no question. However if it doesn't then the external system must do this.

(3) Question: How will an external system record ownership information? I see 2 basic scenarios (though others might be possible as well):

(a) An external (proxy like) system receives the create request first which is then forwarded to OCCI. In this case the external system must be OCCI-aware in order to extract ownership information. But can we expect a generic authz system to do this? I would say no. Generic authz systems are generic, not OCCI-specific :)

(b) OCCI receives the create requests first, in this case OCCI must be aware of the identity in order to push ownership information to the authz system.

Hence in either case OCCI must deal with identity/ownership: either record it or pass it through.

Note that this is just a quick analysis :)

Cheers,
Gyula

________________________________________
From: Edmonds, AndrewX [andrewx.edmonds@intel.com]
Sent: October 7, 2010, 0:57
To: Ralf Nyren; Csom Gyula; occi-wg@ogf.org
Subject: RE: [occi-wg] Renaming the "Link" base type

Yes - really OCCI will not define authorization or anything AAA/IdM but merely expose a way, by extension, to point/discover to such systems at most.

-----Original Message-----
From: occi-wg-bounces@ogf.org [mailto:occi-wg-bounces@ogf.org] On Behalf Of Ralf Nyren
Sent: Wednesday, October 06, 2010 5:08 PM
To: Csom Gyula; occi-wg@ogf.org
Subject: Re: [occi-wg] Renaming the "Link" base type

Hi,

Authorization will likely not make it to the first version of OCCI. Authentication will be available though.

You are however free to implement "users" as a sub-type of Resource and then use ResourceLink to associate users with resources.

regards, Ralf

On Wed, 06 Oct 2010 17:01:11 +0200, Csom Gyula <csom@interface.hu> wrote:
Hi,
Do you plan to add authorization support to the protocol? That is, will OCCI handle users and ownership information? Just because ownership means a "link" from a resource pointing to a user...
Cheers,
Gyula

________________________________________
From: occi-wg-bounces@ogf.org [occi-wg-bounces@ogf.org]; on behalf of: Ralf Nyren [ralf@nyren.net]
Sent: October 6, 2010, 16:33
To: occi-wg@ogf.org
Subject: [occi-wg] Renaming the "Link" base type
Hi,
It is easy to confuse the OCCI "Link" base type with HTTP "Link Header" and the general term of linking.
Therefore it was proposed during today's conf call to rename the base type "Link" to "ResourceLink". That way we let the name make clear what the Link is used for, i.e. linking Resources.
Would appreciate your comments. Deadline is on Friday.
regards, Ralf
_______________________________________________ occi-wg mailing list occi-wg@ogf.org http://www.ogf.org/mailman/listinfo/occi-wg