This session will include the following subject(s):
VPC Modeling:
One of the key capabilities lacking in OpenStack is a formal way to model multi-tenancy. Recently our team from eBay Inc brought up the question of VPCs - see https://wiki.openstack.org/wiki/Blueprint-VPC and https://www.mail-archive.com/openstack-dev@lists.openstack.org/msg16574.html for the discussion.
Given that tenancy and discovery start with Keystone, I propose to discuss the possibilities starting with Keystone.
(Session proposed by Subbu Allamaraju)
Support for Virtual Organisations:
A VO is a collaboration of users from different organisations who work together on a particular project. With federated Keystone, we need to be able to identify subsests of users from different IdPs who are members of the same VO, and who should have related access rights to the VO's resources in OpenStack. This session will discuss the different ways that we might use to achieve the easy management of VOs, and the additional tools and APIs that will be needed to Keystone for this.
(Session proposed by David Chadwick)
Support for Hierarchical administrative boundary:
Keystone should support domain hierarchy to establish Hierarchical administrative boundary. This is needed to support Reseller or "virtual cloud on a physical cloud", as example given below
Example:
Service provider (GlobalSvcInc) sells its services to multiple customers over 3rd party cloud establishments (CloudProviderInc). GlobalSvcInc wanted to have virtual cloud on CloudProviderInc's cloud infrastructure.
(Session proposed by atiwari)
Hierarchical Projects in Keystone:
Our prototype implements the concept of hierarchical projects using Keystone V3 concepts. The idea of hierarchical projects originateed with Vish proposal of Hierarchical Multitenancy and our prototype shows how this can be achieved without it being disruptive to our community. This is achieved by maintaining a domain as a container of the hierarchical projects tree, this way it is not necessary to remove the domain concept and the hierarchy maintain compatibility with nova. It works with the current Keystone V3 concepts and may work well with Keystone Federation.
