← Back to team overview

openstack team mailing list archive

Re: State of OpenStack Auth

 

On a subject of authentication, I've always been puzzled why the token
isn't just set as a standard http cookie?

If it were, it would be dead simple to render a bit of HTML and
interact with the API directly from a web server. The EC2 API can't do
this because of the rather complex signature mechanism, but we're so
incredibly close, yet so depressingly far away from being able to do
this.

-- 
Soren Hansen
Ubuntu Developer    http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/



Follow ups

References