[Hawkular-dev] What are your Authentication and Authorization needs?

Jay Shaughnessy jshaughn at redhat.com
Mon Apr 25 09:29:30 EDT 2016 

Juca,  I think Lucas is correct, Alerts has the multi-tenancy model 
built in and so requires a tenantId on everything.   We already have a 
standalone distribution (for use outside of Hawkular) that drives off of 
the Hawkular-Tenant header, so I guess we would just continue to use 
that mechanism in all cases.  I guess that means we may drop the 
h-accounts dependency but I will discuss further with Lucas and we'll 
continue to monitor the accounts changes.

Lucas, this may further drive the need for schema refactoring because if 
we only receive a single tenant on everything coming from MIQ, we will 
get very little data distribution.


On 4/25/2016 3:31 AM, Lucas Ponce wrote:
>
> ----- Mensaje original -----
>> De: "Juraci Paixão Kröhling" <jpkroehling at redhat.com>
>> Para: "Lucas Ponce" <lponce at redhat.com>, "Discussions around Hawkular development" <hawkular-dev at lists.jboss.org>
>> Enviados: Lunes, 25 de Abril 2016 9:22:21
>> Asunto: Re: [Hawkular-dev] What are your Authentication and Authorization needs?
>>
>> On 25.04.2016 09:13, Lucas Ponce wrote:
>>> For alerting, all model is tenant-based, and I don't see that aspect is
>>> going to change (or we can change it without a major refactor).
>> There won't be any more tenancy information coming from Accounts,
>> because there won't be any tenancy information coming to Accounts :) I'm
>> afraid you'd have to change it.
>>
>>> So, no new security requeriments from this component, internally we work
>>> with the tenant that is translated from hawkular accounts (or taken from a
>>> header in standalone scenarios).
>> Your clients (MiQ, Ruby gem, UI, ...) will have to know about tenants
>> and send it to Alerts on the payload. Accounts won't touch it.
>>
>> If you (and other components) *require* tenancy information for some
>> concrete use case, we might discuss how we could handle it in a common
>> way to all components. Otherwise, I'd just assume that the same
>> requirement you had for multi tenancy went away when the requirement for
>> multi tenancy on Accounts went away.
>>
>> - Juca.
>>
> So, if I interpret correctly, it seems that the change will be that we should handle the tenant aspect explictly as we do for standalone scenarios.
>
> Well, that's not a big change at all, I think we covered that usecase with the Hawkular-Tenant header.
>
>
>
>
> _______________________________________________
> hawkular-dev mailing list
> hawkular-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hawkular-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/hawkular-dev/attachments/20160425/996d07ab/attachment.html

More information about the hawkular-dev mailing list