Authentication/Authorization/Access control/Accounting/Auditing services in the cloud
Could the Ubuntu Enterprise Cloud provide centralized services for AAAAAA?
Authentication: all users of applications deployed in the cloud are centrally managed.
Authorization: authorization is centrally managed. Deployed applications define which roles/permissions they provide to the authorization services; administrators can then authorize users/groups.
Access Control: applications use the access control service to check whether users are authorized to perform their actions. PolicyKit in the cloud.
Accounting: measure resource consumption and monitor systems.
Auditing: logging service.
Blueprint information
- Status: Not started
- Approver: Rick Clark
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: None
- Definition: Drafting
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by
- Completed by
Whiteboard
=================
Discussion from UDS Karmic
= Authentication, Authorization, and Accounting =
* Kerberos
* Authentication
* For Web there are packages available.
* Work by French IRS for AAA.
* RBack?
* lemonldap-ng
* Target user is a software architect.
* Find a service they can use for their application.
* Policy Kit
* GNOME application.
* Adjust to provide Group Policy type controls.
* SAML
* Meant for outside the network authentication.
* Disparate directory servers can share user information.
* OpenID style authentication.
* Accounting
* Measure resource consumption.
* Demand for a mechanism to provide billing in the cloud space.
* It's easy to get data into Munin, but how easy is it to get data out?
* Send Munin data to another accounting system where the data can be manipulated as needed.
* Add accounting infrastructure for Eucalyptus.
* Feature is planned for the future.
* Update the syslog in Main for better log consolidation.
* Moving to rsyslog.
* Auditing
* Standardize on a logging format.
* Provide a centralized logging infrastructure as part of the Directory integration.
* OpenLDAP contains LDAP enabled logging.
=================