[openstack-dev] [all] making project_id optional in API URLs
msm at redhat.com
Wed Dec 9 15:02:34 UTC 2015
On 12/08/2015 05:59 PM, Adam Young wrote:
> I think it is kindof irrelevant. It can be there or not be there in the
> URL itself, so long as it does not show up in the service catalog. From
> an policy standpoint, having the project in the URL means that you can
> do an access control check without fetching the object from the
> database; you should, however, confirm that the object return belongs to
> the project at a later point.
from the policy standpoint does it matter if the project id appears in
the url or in the headers?
More information about the OpenStack-dev