[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-API] Re: Xen API call today 8am PST




Ewan Mellor wrote on 02/16/2007 05:18:01 AM:

> Stefan asked about the recent sHype/ACM Xen-API patch, and what it would take
> to get that into the tree.  I said that, since I don't have expertise in this
> area, I'm going to need consensus from the other security folks with regards
> to the API.  I'd be looking for an agreement that XSM would drop into the same
> framework, in particular.
>


Hi Ewan, I think Stefan responded to the technical merits of the sHype/ACM Xen-API patch, and the difficulty of predicting what an API for any future policy might look like. I understand your desire for consensus from those contributing to Xen security capabilities, but I think we essentially have that. During the last Xen summit it was agreed in principle that XSM would be considered for inclusion once sample policies were available and performance issues were addressed. NSA submitted additional XSM support in Dec. (on the Xense-devel list) and mentioned the intent for XSM to "subsume" the functionality of ACM with the "ACM-specific XSM module". They also pointed out that the "current implementation [of XSM] uses the existing ACM interfaces". I have seen no strong public objections to XSM or to the sHype/ACM Xen-API.


> Previously, I suggested that this would be a good thing to discuss at the next
> Xen Summit when everyone's together, and I still think that that's a good
> idea.
>


If there are concerns, those concerns should be voiced now, before the next Xen summit. In the mean time, there are people using sHype/ACM today as the only supported access control framework in Xen (certainly IBM is using it, but there are others as well). Barring any objections, I don't see the need to delay the same sort of management interfaces that we already have for other components of Xen, some of which may even be less mature than sHype/ACM.

-Ron
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.