openstack team mailing list archive

["Nguyen, Liem Manh" <liem_m_nguyen@xxxxxx>]

Hi Chmouel,

The code looks good (+1 it for allowing anonymous access), but specifically for tempurl support, we will still need to validate the user's identity.  The only difference is that we will validate the user's identity via a signature vs a token.  We still need to validate that the assumed identity does indeed have access to the given container (i.e., you cannot give someone access to a container you yourself do not have access to via the tempurl mechanism).

More on the BP here:

http://wiki.openstack.org/Projects/IncubatorApplication/Keystone?action=AttachFile&do=get&target=Tempurl+blueprint+proposal

Thanks,
Liem

-----Original Message-----
From: openstack-bounces+liem_m_nguyen=hp.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+liem_m_nguyen=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Chmouel Boudjnah
Sent: Tuesday, May 15, 2012 8:46 AM
To: Rouault, Jason (Cloud Services)
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Swift: tempURL

On Tue, May 15, 2012 at 4:46 PM, Rouault, Jason (Cloud Services)
<jason.rouault@xxxxxx> wrote:
> There is a blueprint for this work in Keystone Folsom

Review is up: https://review.openstack.org/7446

Chmouel.

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp