[almighty] almighty-public Digest, Vol 5, Issue 38

Andrew Lee Rubinger alr at redhat.com
Fri Sep 23 17:20:41 UTC 2016 

On Fri, Sep 23, 2016 at 1:09 PM, Monica Granfield <mgranfie at redhat.com>
wrote:

>
>
> On Thu, Sep 22, 2016 at 9:21 PM, <almighty-public-request at redhat.com>
> wrote:
>
>> Send almighty-public mailing list submissions to
>>         almighty-public at redhat.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         https://www.redhat.com/mailman/listinfo/almighty-public
>> or, via email, send a message with subject or body 'help' to
>>         almighty-public-request at redhat.com
>>
>> You can reach the person managing the list at
>>         almighty-public-owner at redhat.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of almighty-public digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: Multitenancy (Max Rydahl Andersen)
>>    2. Re: Multitenancy (Todd Mancini)
>>    3. Re: Multitenancy (Andrew Lee Rubinger)
>>    4. Re: Multitenancy (Max Rydahl Andersen)
>>    5. Re: Multitenancy (Todd Mancini)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 23 Sep 2016 00:24:20 +0200
>> From: "Max Rydahl Andersen" <manderse at redhat.com>
>> To: "Andrew Lee Rubinger" <alr at redhat.com>
>> Cc: ALMighty-public <almighty-public at redhat.com>
>> Subject: Re: [almighty] Multitenancy
>> Message-ID: <10A219D2-7422-4EA9-8435-0D95C5602ECB at redhat.com>
>> Content-Type: text/plain; format=flowed
>>
>> On 22 Sep 2016, at 21:08, Andrew Lee Rubinger wrote:
>>
>> > On Thu, Sep 22, 2016 at 3:07 PM, Baiju Muthukadan
>> > <bmuthuka at redhat.com>
>> > wrote:
>> >
>> >> Hi,
>> >>
>> >> ALMighty architecture is going to support Multitenancy, right?
>> >>
>> > To the bone, yes.
>>
>> what is unclear though is how the multi tenancy will work.
>>
>> i.e. is it like github/jira where one instance under one url has many
>> projects with shared users/orgs
>> or is it more like VSO where each domain has one project with users
>> shared across many domains.
>>
>> Eagerly waiting for some of the "new project" PDD/UX stories to actually
>> start getting that settled down.
>>
>> /max
>>
>> >
>> >> Regards,
>> >> Baiju M
>> >>
>> >> _______________________________________________
>> >> almighty-public mailing list
>> >> almighty-public at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/almighty-public
>> >>
>> >>
>> >
>> > --
>> > Red Hat Developer Programs Architecture
>> > @ALRubinger
>>
>>
>> > _______________________________________________
>> > almighty-public mailing list
>> > almighty-public at redhat.com
>> > https://www.redhat.com/mailman/listinfo/almighty-public
>>
>>
>> /max
>> http://about.me/maxandersen
>>
>>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Thu, 22 Sep 2016 15:37:22 -0700
>> From: Todd Mancini <tmancini at redhat.com>
>> To: Max Rydahl Andersen <manderse at redhat.com>,  Andrew Lee Rubinger
>>         <alr at redhat.com>
>> Cc: ALMighty-public <almighty-public at redhat.com>
>> Subject: Re: [almighty] Multitenancy
>> Message-ID: <-3308662122377792276 at unknownmsgid>
>> Content-Type: text/plain; charset=UTF-8
>>
>> It's not clear to me what URLs have to do with multi-tenancy. The VSTS
>> approach (which is actually one "org" per FQDN, but with infinite
>> projects per org) was chosen for technical reasons, not product
>> management ones.
>>
>> So, do you have a technical preference?
>>
>> The GitHub model seems to work well. But since we also plan to handle
>> enterprise SSO (via SAML, for example), the Gmail model also works well
>> (as far as PM is concerned). I'm not married to particular URL schemes.
>>
>> Sent from my phone, so anticipate hilarious autocorrectsFrom: Max
>> Rydahl Andersen
>> Sent: ?9/?22/?2016 6:24 PM
>> To: Andrew Lee Rubinger
>> Cc: ALMighty-public
>> Subject: Re: [almighty] Multitenancy
>> On 22 Sep 2016, at 21:08, Andrew Lee Rubinger wrote:
>>
>> > On Thu, Sep 22, 2016 at 3:07 PM, Baiju Muthukadan
>> > <bmuthuka at redhat.com>
>> > wrote:
>> >
>> >> Hi,
>> >>
>> >> ALMighty architecture is going to support Multitenancy, right?
>> >>
>> > To the bone, yes.
>>
>> what is unclear though is how the multi tenancy will work.
>>
>> i.e. is it like github/jira where one instance under one url has many
>> projects with shared users/orgs
>> or is it more like VSO where each domain has one project with users
>> shared across many domains.
>>
>> Eagerly waiting for some of the "new project" PDD/UX stories to actually
>> start getting that settled down.
>>
>> /max
>>
>> >
>> >> Regards,
>> >> Baiju M
>> >>
>> >> _______________________________________________
>> >> almighty-public mailing list
>> >> almighty-public at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/almighty-public
>> >>
>> >>
>> >
>> > --
>> > Red Hat Developer Programs Architecture
>> > @ALRubinger
>>
>>
>> > _______________________________________________
>> > almighty-public mailing list
>> > almighty-public at redhat.com
>> > https://www.redhat.com/mailman/listinfo/almighty-public
>>
>>
>> /max
>> http://about.me/maxandersen
>>
>> _______________________________________________
>> almighty-public mailing list
>> almighty-public at redhat.com
>> https://www.redhat.com/mailman/listinfo/almighty-public
>>
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Thu, 22 Sep 2016 18:44:20 -0400
>> From: Andrew Lee Rubinger <alr at redhat.com>
>> To: Todd Mancini <tmancini at redhat.com>
>> Cc: ALMighty-public <almighty-public at redhat.com>
>> Subject: Re: [almighty] Multitenancy
>> Message-ID:
>>         <CABm567EBiBZWQ2cg+GgOEik1XSLUzTXkwKqMZPiufvZ6evQ5vA at mail.
>> gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> I think the question is about more than a URL scheme.
>>
>> We've been considering "Project" as our top-level container entity, but
>> there really exists "system" above that.
>>
>> By that measure, we can contain in a system:
>>
>> * Users
>> * Projects
>>
>> ...and then map permissions between users and roles at the project level.
>>
>> How does "Organization" map into that?
>>
>> S,
>> ALR
>>
>
> We heard back from users that the model should support the ability to see
> progress, status, of work and users. Across team insights and across org.
> It would be helpful to understand how we would define an Organization,
> Project, Team, Board etc and how these all factor in to the use cases. This
> also came up when I was working on the UI for assign user. What does it
> mean to assign a user at a certain level. What are the inheritances, access
> and permissions etc... I stopped bc I was not sure of what it meant to our
> users to have a project or a board etc...
>
> It would be great to walk through this with you. I have attached some
> early thinking on this and then had put it aside. It would be great to get
> together and give this some attention and thought.
>
> -Monica
>

So a focus for this sprint in general is "core domain types and
architecture"; this topic works wonderfully alongside that.  I'd be very
interested in developing a visual representation of the above-mentioned
constructs and their relationships over the course of next week.

S,
ALR



>
> -Monica
>
>>
>> On Thu, Sep 22, 2016 at 6:37 PM, Todd Mancini <tmancini at redhat.com>
>> wrote:
>>
>> > It's not clear to me what URLs have to do with multi-tenancy. The VSTS
>> > approach (which is actually one "org" per FQDN, but with infinite
>> > projects per org) was chosen for technical reasons, not product
>> > management ones.
>> >
>> > So, do you have a technical preference?
>> >
>> > The GitHub model seems to work well. But since we also plan to handle
>> > enterprise SSO (via SAML, for example), the Gmail model also works well
>> > (as far as PM is concerned). I'm not married to particular URL schemes.
>> >
>> > Sent from my phone, so anticipate hilarious autocorrectsFrom: Max
>> > Rydahl Andersen
>> > Sent: ?9/?22/?2016 6:24 PM
>> > To: Andrew Lee Rubinger
>> > Cc: ALMighty-public
>> > Subject: Re: [almighty] Multitenancy
>> > On 22 Sep 2016, at 21:08, Andrew Lee Rubinger wrote:
>> >
>> > > On Thu, Sep 22, 2016 at 3:07 PM, Baiju Muthukadan
>> > > <bmuthuka at redhat.com>
>> > > wrote:
>> > >
>> > >> Hi,
>> > >>
>> > >> ALMighty architecture is going to support Multitenancy, right?
>> > >>
>> > > To the bone, yes.
>> >
>> > what is unclear though is how the multi tenancy will work.
>> >
>> > i.e. is it like github/jira where one instance under one url has many
>> > projects with shared users/orgs
>> > or is it more like VSO where each domain has one project with users
>> > shared across many domains.
>> >
>> > Eagerly waiting for some of the "new project" PDD/UX stories to actually
>> > start getting that settled down.
>> >
>> > /max
>> >
>> > >
>> > >> Regards,
>> > >> Baiju M
>> > >>
>> > >> _______________________________________________
>> > >> almighty-public mailing list
>> > >> almighty-public at redhat.com
>> > >> https://www.redhat.com/mailman/listinfo/almighty-public
>> > >>
>> > >>
>> > >
>> > > --
>> > > Red Hat Developer Programs Architecture
>> > > @ALRubinger
>> >
>> >
>> > > _______________________________________________
>> > > almighty-public mailing list
>> > > almighty-public at redhat.com
>> > > https://www.redhat.com/mailman/listinfo/almighty-public
>> >
>> >
>> > /max
>> > http://about.me/maxandersen
>> >
>> > _______________________________________________
>> > almighty-public mailing list
>> > almighty-public at redhat.com
>> > https://www.redhat.com/mailman/listinfo/almighty-public
>> >
>>
>>
>>
>> --
>> Red Hat Developer Programs Architecture
>> @ALRubinger
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <https://www.redhat.com/archives/almighty-public/attachments
>> /20160922/034c34bd/attachment.html>
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Fri, 23 Sep 2016 00:47:30 +0200
>> From: "Max Rydahl Andersen" <manderse at redhat.com>
>> To: "Todd Mancini" <tmancini at redhat.com>
>> Cc: ALMighty-public <almighty-public at redhat.com>,       Andrew Lee
>> Rubinger
>>         <alr at redhat.com>
>> Subject: Re: [almighty] Multitenancy
>> Message-ID: <520C7925-5A1B-4C08-A542-1E8CD3B4953D at redhat.com>
>> Content-Type: text/plain; charset=utf-8; format=flowed
>>
>> On 23 Sep 2016, at 0:37, Todd Mancini wrote:
>>
>> > It's not clear to me what URLs have to do with multi-tenancy. The VSTS
>> > approach (which is actually one "org" per FQDN, but with infinite
>> > projects per org) was chosen for technical reasons, not product
>> > management ones.
>>
>> it was more that VSTS by default seem to create much more separation
>> between projects/orgs than
>> anything else I've seen - if that is just pure perception then all good
>> :)
>>
>> > So, do you have a technical preference?
>>
>> I'll let Aslak respond to that.
>>
>> > The GitHub model seems to work well. But since we also plan to handle
>> > enterprise SSO (via SAML, for example), the Gmail model also works
>> > well
>> > (as far as PM is concerned). I'm not married to particular URL
>> > schemes.
>>
>> gmail model ? you mean the separation of the gmail community offering vs
>> the google product offerings
>> where you get your own domain if you want to be truly separate ?
>>
>> /max
>>
>> > Sent from my phone, so anticipate hilarious autocorrectsFrom: Max
>> > Rydahl Andersen
>> > Sent: ?9/?22/?2016 6:24 PM
>> > To: Andrew Lee Rubinger
>> > Cc: ALMighty-public
>> > Subject: Re: [almighty] Multitenancy
>> > On 22 Sep 2016, at 21:08, Andrew Lee Rubinger wrote:
>> >
>> >> On Thu, Sep 22, 2016 at 3:07 PM, Baiju Muthukadan
>> >> <bmuthuka at redhat.com>
>> >> wrote:
>> >>
>> >>> Hi,
>> >>>
>> >>> ALMighty architecture is going to support Multitenancy, right?
>> >>>
>> >> To the bone, yes.
>> >
>> > what is unclear though is how the multi tenancy will work.
>> >
>> > i.e. is it like github/jira where one instance under one url has many
>> > projects with shared users/orgs
>> > or is it more like VSO where each domain has one project with users
>> > shared across many domains.
>> >
>> > Eagerly waiting for some of the "new project" PDD/UX stories to
>> > actually
>> > start getting that settled down.
>> >
>> > /max
>> >
>> >>
>> >>> Regards,
>> >>> Baiju M
>> >>>
>> >>> _______________________________________________
>> >>> almighty-public mailing list
>> >>> almighty-public at redhat.com
>> >>> https://www.redhat.com/mailman/listinfo/almighty-public
>> >>>
>> >>>
>> >>
>> >> --
>> >> Red Hat Developer Programs Architecture
>> >> @ALRubinger
>> >
>> >> _______________________________________________
>> >> almighty-public mailing list
>> >> almighty-public at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/almighty-public
>> >
>> > /max
>> > http://about.me/maxandersen
>> >
>> > _______________________________________________
>> > almighty-public mailing list
>> > almighty-public at redhat.com
>> > https://www.redhat.com/mailman/listinfo/almighty-public
>>
>>
>> /max
>> http://about.me/maxandersen
>>
>>
>>
>> ------------------------------
>>
>> Message: 5
>> Date: Thu, 22 Sep 2016 21:21:05 -0400
>> From: Todd Mancini <tmancini at redhat.com>
>> To: Max Rydahl Andersen <manderse at redhat.com>
>> Cc: ALMighty-public <almighty-public at redhat.com>,       Andrew Lee
>> Rubinger
>>         <alr at redhat.com>
>> Subject: Re: [almighty] Multitenancy
>> Message-ID:
>>         <CAKu1u8ygL9Sym=SnNqnG=mjii1j=7J3WRhrAJaYDe9Y6RiLDcA at mail.gm
>> ail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> First, I think I read 'domain' differently than you intended, Max -- my
>> bad.
>>
>> In any event, we'll evolve a proper multi-tenancy definition, one that
>> matches market need but is also grounded in technical feasibility.
>>
>> My sort-of-off-the-top-of-my-head-view is that there is a notion of an
>> "Account," which you could easily call an "Organization." Let's call it an
>> "Organization" for the moment, because I think people will grok that
>> better.
>>
>> An Organization has people in it (at least one). Organizations can be
>> defined entirely within ALMighty, or they can be mapped to some external
>> identification authority (e.g. SAML SSO). That's what I was getting at
>> when
>> I said the 'gmail model', which is really the Google App model -- you can
>> either sign up as an individual (which, arguably, defines an organization
>> with a single person in it), or you can make a whole 'domain' of people.
>> In
>> fact, the most common way to do that with Google is via SAML. Hence, in
>> gmail/Google Drive/etc., there is a notion of the "redhat.com"
>> organization, and Google defers the authentication for that over to
>> saml.redhat.com.
>>
>> Within an organization (which may simply be a single individual), there
>> can
>> be infinite projects. Only members of the org with sufficient rights can
>> create new projects.
>>
>> People can be given rights to a project -- however, this extends out to
>> *all* persons, not just those within the organization. With sufficient
>> permissions, I should be able to invite anyone to be a part of my project.
>> I should be able to have a completely public project, permitting anyone to
>> view it/create new work items/etc. Eventually we'll want a strong
>> permission model on this. (e.g., let me set it up so that anyone can
>> create
>> a new 'issue' in project Foo, but only 'project admins' can change the
>> status of an 'issue' from 'New' to 'Verified').
>>
>>  Similarly, we need a notion of teams. A team is just a collection of
>> people. Although I may want to restrict a team to members of my
>> organization, I should also be able to have teams which include people
>> outside my organization.
>>
>> As such, it would be convenient to also have security "groups" (which,
>> honestly, may simply be teams...I'm not 100% sure if it's needed to have
>> two different concepts), with some predefined such as "Everyone in my
>> organization" or "Any anonymous user." With just a few building blocks
>> such
>> as these, it should be possible to build out most commonly desired access
>> models.
>>
>> We've discussed Areas before, so I believe the combination of Projects +
>> Organizations + Users + Teams + Areas, with applicable control of access
>> rights at the Org, Project, and Area levels, provides an incredibly rich
>> security model.
>>
>> Do we need ALL of that right now? No. But it's worth planning for it.
>>
>> I think our primary focus today should be on Users, Projects and Areas.
>> Let
>> a user sign in, let them make one or more Projects, let them define some
>> Areas, and let them give access to other Users as appropriate (with at
>> least some notion of an 'All Users' user, so I can make some projects
>> 'public').
>>
>>    Thoughts?
>>    -Todd
>>
>> On Thu, Sep 22, 2016 at 6:47 PM, Max Rydahl Andersen <manderse at redhat.com
>> >
>> wrote:
>>
>> > On 23 Sep 2016, at 0:37, Todd Mancini wrote:
>> >
>> > It's not clear to me what URLs have to do with multi-tenancy. The VSTS
>> >> approach (which is actually one "org" per FQDN, but with infinite
>> >> projects per org) was chosen for technical reasons, not product
>> >> management ones.
>> >>
>> >
>> > it was more that VSTS by default seem to create much more separation
>> > between projects/orgs than
>> > anything else I've seen - if that is just pure perception then all good
>> :)
>> >
>> > So, do you have a technical preference?
>> >>
>> >
>> > I'll let Aslak respond to that.
>> >
>> > The GitHub model seems to work well. But since we also plan to handle
>> >> enterprise SSO (via SAML, for example), the Gmail model also works well
>> >> (as far as PM is concerned). I'm not married to particular URL schemes.
>> >>
>> >
>> > gmail model ? you mean the separation of the gmail community offering vs
>> > the google product offerings
>> > where you get your own domain if you want to be truly separate ?
>> >
>> > /max
>> >
>> >
>> > Sent from my phone, so anticipate hilarious autocorrectsFrom: Max
>> >> Rydahl Andersen
>> >> Sent: ?9/?22/?2016 6:24 PM
>> >> To: Andrew Lee Rubinger
>> >> Cc: ALMighty-public
>> >> Subject: Re: [almighty] Multitenancy
>> >> On 22 Sep 2016, at 21:08, Andrew Lee Rubinger wrote:
>> >>
>> >> On Thu, Sep 22, 2016 at 3:07 PM, Baiju Muthukadan
>> >>> <bmuthuka at redhat.com>
>> >>> wrote:
>> >>>
>> >>> Hi,
>> >>>>
>> >>>> ALMighty architecture is going to support Multitenancy, right?
>> >>>>
>> >>>> To the bone, yes.
>> >>>
>> >>
>> >> what is unclear though is how the multi tenancy will work.
>> >>
>> >> i.e. is it like github/jira where one instance under one url has many
>> >> projects with shared users/orgs
>> >> or is it more like VSO where each domain has one project with users
>> >> shared across many domains.
>> >>
>> >> Eagerly waiting for some of the "new project" PDD/UX stories to
>> actually
>> >> start getting that settled down.
>> >>
>> >> /max
>> >>
>> >>
>> >>> Regards,
>> >>>> Baiju M
>> >>>>
>> >>>> _______________________________________________
>> >>>> almighty-public mailing list
>> >>>> almighty-public at redhat.com
>> >>>> https://www.redhat.com/mailman/listinfo/almighty-public
>> >>>>
>> >>>>
>> >>>>
>> >>> --
>> >>> Red Hat Developer Programs Architecture
>> >>> @ALRubinger
>> >>>
>> >>
>> >> _______________________________________________
>> >>> almighty-public mailing list
>> >>> almighty-public at redhat.com
>> >>> https://www.redhat.com/mailman/listinfo/almighty-public
>> >>>
>> >>
>> >> /max
>> >> http://about.me/maxandersen
>> >>
>> >> _______________________________________________
>> >> almighty-public mailing list
>> >> almighty-public at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/almighty-public
>> >>
>> >
>> >
>> > /max
>> > http://about.me/maxandersen
>> >
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <https://www.redhat.com/archives/almighty-public/attachments
>> /20160922/e975f795/attachment.html>
>>
>> ------------------------------
>>
>> _______________________________________________
>> almighty-public mailing list
>> almighty-public at redhat.com
>> https://www.redhat.com/mailman/listinfo/almighty-public
>>
>>
>> End of almighty-public Digest, Vol 5, Issue 38
>> **********************************************
>>
>
>
> _______________________________________________
> almighty-public mailing list
> almighty-public at redhat.com
> https://www.redhat.com/mailman/listinfo/almighty-public
>
>


-- 
Red Hat Developer Programs Architecture
@ALRubinger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/almighty-public/attachments/20160923/13d54563/attachment.htm>

More information about the almighty-public mailing list