WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Finer access control framework over users, domains and o

To: Syunsuke HAYASHI <syunsuke@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Finer access control framework over users, domains and operations.
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Fri, 30 May 2008 14:41:59 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 30 May 2008 06:42:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <483FD017.3010008@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <48311B5E.2060100@xxxxxxxxxxxxxx> <18481.21663.161348.181541@xxxxxxxxxxxxxxxxxxxxxxxx> <483FD017.3010008@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Syunsuke HAYASHI writes ("Re: [Xen-devel] Finer access control framework over 
users,    domains and operations."):
> We understand that the implementation of the ACM on the web layer is easy.
> But we think that basic control tools of Xen (xm and libvirt) also need 
> the ACM

I see.  Why ?

> It is necessary to realize the ACM which considers users, domains and 
> operations.
> We only know ways that control by the unit of users or processes.
> Please let us know if there are other tools or ways that realize the ACM.

I'm not sure what you mean by `realise the ACM'.  Earlier you said
`ACM' stood for `Access Control Module' which I'll take to assume
means just some kind of access control facility.  I assume `realise'
means `have.

So you seem to be saying that you need an access control facility that
`considers users, domains and operations'.  That kind of access
control seems to be exactly what is easily done at a web ui layer, as
I said.

Perhaps `Access Control Module' means something more specific.  If so
then what kind of something ?  And why do you need that rather than
another solution ?

It would be most helpful if you described your ultimate objectives, in
a solution-neutral way.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>