openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #13074
Re: Comparing roles - case (in)sensitivity
So it sounds like we're going with case-insensitive string comparison for role names. There's already a patch in review for Glance, but it sounds like we'll need to get something up for Swift. Thanks for the input, guys!
Brian
On Jun 8, 2012, at 8:27 PM, Dolph Mathews wrote:
> Role *names* are a human-interface element (arbitrarily defined by users for organizational purposes) and humans would intuitively compare them with case insensitivity (they're comparing organizational meaning, not strings)... if we're going to bother comparing them in code, I'd prefer it to be done with case-insensitivity to avoid confusion.
>
> However, the machine-readable identifier is really intended to be the Role ID (UUID, etc) from keystone.
>
> -Dolph Mathews
>
> On Jun 8, 2012, at 6:35 PM, Christopher B Ferris <chrisfer@xxxxxxxxxx> wrote:
>
>> case-insensitive - why would 'Admin' and 'admin' be different? Sure, a role is represented by a string, but why does that string need to be case sensitive?
>> I'd think that if you had distinct roles attributed to 'Admin' and 'admin' that that would lead to confusion.
>>
>> Cheers,
>>
>> Christopher Ferris
>> IBM Distinguished Engineer, CTO Industry and Cloud Standards
>> Member, IBM Academy of Technology
>> IBM Software Group, Standards Strategy
>> email: chrisfer@xxxxxxxxxx
>> Twitter: christo4ferris
>> phone: +1 508 234 2986
>>
>>
>> -----openstack-bounces+chrisfer=us.ibm.com@xxxxxxxxxxxxxxxxxxx wrote: -----
>> To: Kiall Mac Innes <kiall@xxxxxxxxxxxx>
>> From: Brian Waldon
>> Sent by: openstack-bounces+chrisfer=us.ibm.com@xxxxxxxxxxxxxxxxxxx
>> Date: 06/08/2012 07:21PM
>> Cc: "openstack@xxxxxxxxxxxxxxxxxxx \(openstack@xxxxxxxxxxxxxxxxxxx\)" <openstack@xxxxxxxxxxxxxxxxxxx>
>> Subject: Re: [Openstack] Comparing roles - case (in)sensitivity
>>
>> I guess I'm looking at this from more of a purist development point of view: 'Admin' and 'admin' just can't be equal. If I think of this as comparing roles, where a role is an abstract concept, case-insensitivity makes more sense. A string is simply being used to represent the role, where the intent of the role is what really needs to be compared.
>>
>> My goal here is to get everybody on board with a single approach and apply it across all projects. I don't *really* care too much which approach we take.
>>
>> Waldon
>>
>> On Jun 8, 2012, at 3:27 PM, Kiall Mac Innes wrote:
>>
>>> Sure - The most obvious reason is human error leading to a security hole. E.g. Accidently assigning a user "Admin" when you really meant to assign "admin".
>>>
>>> Treating roles as case insensitive helps prevent this kind of human error.
>>>
>>> What advantages does allowing distinct "Admin" and "admin" roles provide?
>>>
>>> Thanks,
>>> Kiall
>>>
>>> Sent from my phone.
>>>
>>> On Jun 8, 2012 11:20 p.m., "Brian Waldon" <brian.waldon@xxxxxxxxxxxxx> wrote:
>>> Can you explain why?
>>>
>>> On Jun 8, 2012, at 3:18 PM, Kiall Mac Innes wrote:
>>>
>>>> No, I'm suggesting they should all be treated as a single role. I.e. roles should be case insensitive.
>>>> Thanks,
>>>> Kiall
>>>>
>>>> Sent from my phone.
>>>>
>>>> On Jun 8, 2012 11:16 p.m., "Brian Waldon" <brian.waldon@xxxxxxxxxxxxx> wrote:
>>>> I'm suggesting we support only a single representation of a role across all projects: 'admin', 'Admin', and 'admIn' would be three separate roles.
>>>>
>>>> Are you suggesting otherwise?
>>>>
>>>> On Jun 8, 2012, at 3:14 PM, Kiall Mac Innes wrote:
>>>>
>>>>> What's the argument for allowing both, for example, "admin", "Admin" and "admIn" roles?
>>>>>
>>>>> This seems like one place where case insensitive makes the most sense.
>>>>>
>>>>> Thanks,
>>>>> Kiall
>>>>>
>>>>> Sent from my phone.
>>>>>
>>>>> On Jun 8, 2012 11:01 p.m., "Joseph Suh" <jsuh@xxxxxxx> wrote:
>>>>> I'd vote case-sensitive.
>>>>>
>>>>> Joseph
>>>>>
>>>>> ----
>>>>> (w) 703-248-6160
>>>>> (c) 571-340-2434
>>>>> (f) 703-812-3712
>>>>> 3811 N. Fairfax Drive Suite 200
>>>>> Arlington, VA, 22203, USA
>>>>> http://www.east.isi.edu/~jsuh
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Brian Waldon" <brian.waldon@xxxxxxxxxxxxx>
>>>>> To: "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
>>>>> Sent: Friday, June 8, 2012 5:50:45 PM
>>>>> Subject: [Openstack] Comparing roles - case (in)sensitivity
>>>>>
>>>>>
>>>>>
>>>>> tl;dr - Should we compare roles as case-sensitive or case-insensitive? I vote case-sensitive.
>>>>>
>>>>> This bug was recently filed in Glance: https://bugs.launchpad.net/glance/+bug/1010519 . It points out that Nova and Keystone are both case-insensitive when it comes to role comparison, yet Glance *is* case sensitive. I'm in favor of moving other projects to a case-sensitive approach for two main reasons:
>>>>>
>>>>>
>>>>> 1) If a role is a string, and comparing strings is inherently case-sensitive, then role comparison would logically be case-sensitive
>>>>> 2) I get to do less work
>>>>>
>>>>>
>>>>>
>>>>> Thoughts?
>>>>>
>>>>>
>>>>> Brian Waldon
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
Follow ups
References
-
Re: Comparing roles - case (in)sensitivity
From: Brian Waldon, 2012-06-08
-
Comparing roles - case (in)sensitivity
From: Brian Waldon, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Joseph Suh, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Kiall Mac Innes, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Brian Waldon, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Kiall Mac Innes, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Brian Waldon, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Kiall Mac Innes, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Christopher B Ferris, 2012-06-08
-
Re: Comparing roles - case (in)sensitivity
From: Dolph Mathews, 2012-06-09