WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-api

Re: [Xen-API] Re: Xen API call today 8am PST

To: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Subject: Re: [Xen-API] Re: Xen API call today 8am PST
From: Ronald Perez <ronpz@xxxxxxxxxx>
Date: Fri, 16 Feb 2007 10:26:15 -0500
Cc: xen-api@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 16 Feb 2007 07:25:23 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070216101801.GC24587@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx

Ewan Mellor wrote on 02/16/2007 05:18:01 AM:

> Stefan asked about the recent sHype/ACM Xen-API patch, and what it would take
> to get that into the tree.  I said that, since I don't have expertise in this
> area, I'm going to need consensus from the other security folks with regards
> to the API.  I'd be looking for an agreement that XSM would drop into the same
> framework, in particular.
>


Hi Ewan, I think Stefan responded to the technical merits of the sHype/ACM Xen-API patch, and the difficulty of predicting what an API for any future policy might look like. I understand your desire for consensus from those contributing to Xen security capabilities, but I think we essentially have that. During the last Xen summit it was agreed in principle that XSM would be considered for inclusion once sample policies were available and performance issues were addressed. NSA submitted additional XSM support in Dec. (on the Xense-devel list) and mentioned the intent for XSM to "subsume" the functionality of ACM with the "ACM-specific XSM module". They also pointed out that the "current implementation [of XSM] uses the existing ACM interfaces". I have seen no strong public objections to XSM or to the sHype/ACM Xen-API.


> Previously, I suggested that this would be a good thing to discuss at the next
> Xen Summit when everyone's together, and I still think that that's a good
> idea.
>


If there are concerns, those concerns should be voiced now, before the next Xen summit. In the mean time, there are people using sHype/ACM today as the only supported access control framework in Xen (certainly IBM is using it, but there are others as well). Barring any objections, I don't see the need to delay the same sort of management interfaces that we already have for other components of Xen, some of which may even be less mature than sHype/ACM.

-Ron
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api
<Prev in Thread] Current Thread [Next in Thread>