Ask Your Question

How to Implement an Access Control Model for a Private Cloud Environment based on OpenStack?

asked 2015-02-15 02:34:05 -0600

Khaled Riad gravatar image

Hello, Please I already have a private cloud environment built on 3 physical servers based on Openstack (Juno). I want to know how to implement an access control model (Attribute Based Access Control (ABAC)) to control the cloud resources, for example a database on the cloud. I mean, am I have to creat an instance for the access control model? or I have to use another physical machine for the access control, ......... or others?

Any helpful answer will be appreciated.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-02-15 16:38:28 -0600


You need to find an ABAC (attribute based access control) implementation. One such implementation is XACML, the eXtensible Access Control Markup Language. XACML, as you might know, defines:

  • an (architecture)
  • a policy language, and
  • a request/response scheme.

In your case, you have a cloud environment. The deployment form factor (cloud vs. on prem) doesn't really matter so much. What matters is what you want to protect. You mention databases. What kind are they? Do you also have APIs? If you do, products like Away API Gateway could do the trick.

The company I work for (disclaimer) has a database-focused ABAC solution called (Axiomatics) Data Access Filter (ADAF). It could solve your problems.

You can also check out the following resources:

  • (ABAC on Stackoverflow)
  • (XACML on Stackoverflow)
  • (XACML for developers)
  • A quick introduction to (ABAC)
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-02-15 02:34:05 -0600

Seen: 1,005 times

Last updated: Feb 15 '15