Open Stack

> 
> Of the two things I've mentioned so far, signing and RBAC, signing probably seems to be the easiest but you need to decide how you're going to sign and what crypto primitives we're going to use (this is relevant to the encryption discussion too). At the design summit someone suggested sending a X.509 public certificate along with a signed call - this is kind of crazy, there's no way we can send around 1.5kb of extra data for each message, you could send the public key lets assume we're using 2048bit RSA - that still means we're adding 256bytes to every message.

I suggested this, but I never intended it as an end-all-be-all, but as an optional solution that would work out of the box without an external system. Something we could use and test with during implementation, and potentially unit tests, without dependency on a key server. People could deploy with it too for small installations, but it wouldn't be pretty. The diagram I presented at the summit highlighting the wire-format changes was not well represenative of the flexibility of the signature-chain element. Based on that that feedback, I revised this for the conference-track talk.

Larger installations would use a serious key management solution. Eventually, someone might want to be able to put this stuff in Keystone, and that could be an out of the box solution.

Regards,
Eric Windisch

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121024/2b9f350b/attachment.html>