openstack team mailing list archive

Thread
Date

Re: State of OpenStack Auth

To: Gregory Holt <gholt@xxxxxxxxxxxxx>
From: Jorge Williams <jorge.williams@xxxxxxxxxxxxx>
Date: Thu, 3 Mar 2011 17:04:01 +0000
Accept-language: en-US
Cc: "<openstack@xxxxxxxxxxxxxxxxxxx>" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <5EDA941C-8894-416A-9F13-F48D19613A59@rackspace.com>
Thread-index: AQHL2FOLxMAcMEeuwk+bhZU09s2FOZQZW+qAgAABmwCAARNsAIAA2PyAgADcyoCAABczgA==
Thread-topic: [Openstack] State of OpenStack Auth

I agree with Greg here.  Signatures complicate life for our clients, they are not browser friendly, and I'm not really convinced that we need them. If we are going to have a default (and I think that we should) it should be dead simple to integrate with.   I would vote for basic auth with https.  

-jOrGe W.

On Mar 3, 2011, at 9:40 AM, Greg wrote:

> On Mar 2, 2011, at 8:30 PM, Jesse Andrews wrote:
> 
>> I would prefer a signature based approach as the default (as signatures limits replay attacks; tokens allow an eavesdropper to make arbitrary requests if they obtain a token).
> 
> On the other hand, signatures make simple things difficult, such as quick curl requests, dev testing, etc. The usual tradeoff of security and convenience.
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: State of OpenStack Auth
From: Michael Mayo, 2011-03-03

References

State of OpenStack Auth
From: Eric Day, 2011-03-01
Re: State of OpenStack Auth
From: Soren Hansen, 2011-03-01
Re: State of OpenStack Auth
From: Eric Day, 2011-03-01
Re: State of OpenStack Auth
From: Soren Hansen, 2011-03-01
Re: State of OpenStack Auth
From: Eric Day, 2011-03-01
Re: State of OpenStack Auth
From: Jorge Williams, 2011-03-02
Re: State of OpenStack Auth
From: Jesse Andrews, 2011-03-03
Re: State of OpenStack Auth
From: Greg, 2011-03-03