openstack team mailing list archive

[Brian Schott <brian.schott@xxxxxxxxxxxxxxxxxx>]

Eric,

I've heard this argument before, but I don't understand how <account>  can't be injected as well to cause collisions.  UUIDs can't be trusted when user generated.  As long as the UUIDs are generated consistently across all OpenStack deployments (using the same UUID type and consistent policy on any input parameters) they could be globally unique for all time (in the long term, we're all dead, so close enough).

So, nova-<uuid> is sufficient.

On Jul 11, 2011, at 12:42 PM, Eric Day wrote:

> Agreed, anyone could inject UUIDs that collide. UUIDs alone are not
> sufficient, you need a namespace prefix as well (something I brought
> up many times before on other ID threads). The full ID needs to be
> something like:
> 
> nova-<account>-<instance uuid>
> 
> Or something along those lines (service and account/namespace
> can be another part of a URL, it doesn't need to be the ID string
> itself). Swift already does this (account/container/object), so we
> have a pretty good example to follow here.

-------------------------------------------------
Brian Schott, CTO
Nimbis Services, Inc.
brian.schott@xxxxxxxxxxxxxxxxxx
ph: 443-274-6064  fx: 443-274-6060

Attachment: smime.p7s
Description: S/MIME cryptographic signature