openstack team mailing list archive

Thread
Date

Re: State of OpenStack Auth

To: Eric Day <eday@xxxxxxxxxxxx>
From: Soren Hansen <soren@xxxxxxxxxx>
Date: Tue, 1 Mar 2011 21:53:36 +0100
Cc: openstack@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20110301203153.GA5445@oddments.org>
Sender: soren@xxxxxxxxxxx

On a subject of authentication, I've always been puzzled why the token
isn't just set as a standard http cookie?

If it were, it would be dead simple to render a bit of HTML and
interact with the API directly from a web server. The EC2 API can't do
this because of the rather complex signature mechanism, but we're so
incredibly close, yet so depressingly far away from being able to do
this.

-- 
Soren Hansen
Ubuntu Developer    http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/

Follow ups

Re: State of OpenStack Auth
From: Eric Day, 2011-03-01
Re: State of OpenStack Auth
From: Monsyne Dragon, 2011-03-01

References

State of OpenStack Auth
From: Eric Day, 2011-03-01