<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/20/2012 11:10 PM, Dolph Mathews
wrote:<br>
</div>
<blockquote
cite="mid:CAC=h7gWOAKS9i-Qg7qTuVpVT7KL=gkAC=hMyrdaCKYawfJZi_g@mail.gmail.com"
type="cite">I'd vote for POST for exactly the reasoning <span></span>you
describe. I'd also consider avoiding putting the trust ID in the
URL for the same reason we don't want token ID's in URL's: it's a
secret and effectively a credential.</blockquote>
I suspected someone would respond with that. It actually is not a
secret. The user must authenticate as themselves in order to get
the token for the trust. Anyone can know about the trust, only the
trustee can get a token for that trust.<br>
<br>
That said, it might be smart to hide the trust ID just because "why
share it."<br>
<br>
Would it make more sense to do as the payload <br>
{trust_id:"123456789ABCDEF"}<br>
<br>
And make the POST to /token/trusts/{trustid} ?<br>
<br>
<br>
<br>
<blockquote
cite="mid:CAC=h7gWOAKS9i-Qg7qTuVpVT7KL=gkAC=hMyrdaCKYawfJZi_g@mail.gmail.com"
type="cite">
<div>
<div><br>
On Thursday, December 20, 2012, Adam Young wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I
originally wrote that the Trusts API was going to use the
Authenticate call (HTTP POST to /tokens) to get a token
for the trust, but the more I think about it, the less I
like this. We have already overloaded that call with too
many different ways to get a token.<br>
<br>
It would not be proper instead to use:<br>
<br>
GET /trusts/{trustid}/token<br>
<br>
To get a token for a trust, GET is supposed to be
idempotent. It seems like it should be a POST verb, as we
are getting back a new object. Thus would<br>
<br>
POST /trusts/{trustid}/token<br>
<br>
Make more sense? I can see an argument that getting a token
should be under the token router and controller. Thus
maybe:<br>
<br>
POST /token/trusts/{trustid}<br>
<br>
Would be the right action and URL? Any Feedback?<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a moz-do-not-send="true">OpenStack-dev@lists.openstack.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</blockquote>
</div>
</div>
<br>
<br>
-- <br>
<div><br>
</div>
-Dolph<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>