[openstack-dev] Secure RPC
Russell Bryant
rbryant at redhat.com
Fri Nov 9 23:12:44 UTC 2012
On 11/09/2012 04:32 PM, David Chadwick wrote:
> On 06/11/2012 13:35, Russell Bryant wrote:
>
>>
>> I think we need machine-based signing. Really, I want machine+role
>> signing.
>>
>> Some things I'd like to be able to do ...
>>
>> 1) I want to ensure that only the nova-scheduler service is allowed to
>> tell nova-compute services to start a new VM. Services of another type
>> should not be allowed to do this. Role-based signing would cover this
>> case.
>
>
> We already have open source code that provides this functionality based
> on X.509 ACs i.e.
> i) assign a role securely to an entity
> ii) grant an entity the right to do something based on its role
Sorry if I missed something, but what open source code are you referring to?
--
Russell Bryant
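
The role-based check from item 1) of the quoted message, as an added example that is not part of the original thread or of any OpenStack code. HMAC with per-service shared keys stands in for the signing scheme, which the thread does not specify; the key ids, the `run_instance` method name, and the policy table are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed sample data: per-service keys, the role bound to each key, and policy.
SERVICE_KEYS = {"scheduler-host1": b"constructed-key-A",
                "network-host2": b"constructed-key-B"}
KEY_ROLES = {"scheduler-host1": "nova-scheduler", "network-host2": "nova-network"}
POLICY = {"run_instance": {"nova-scheduler"}}  # method -> roles allowed to call it


def _mac(key, sender, method, args):
    # Canonical JSON so signer and verifier hash identical bytes.
    body = json.dumps({"sender": sender, "method": method, "args": args},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_message(sender, method, args):
    # Sender side: attach a MAC made with the sender's own key.
    return {"sender": sender, "method": method, "args": args,
            "sig": _mac(SERVICE_KEYS[sender], sender, method, args)}


def authorize(msg):
    """Receiver side (e.g. nova-compute): return (allowed, reason)."""
    key = SERVICE_KEYS.get(msg.get("sender"))
    if key is None:
        return False, "unknown sender"
    expected = _mac(key, msg["sender"], msg.get("method"), msg.get("args"))
    if not hmac.compare_digest(expected, str(msg.get("sig", ""))):
        return False, "bad signature"
    # The role comes from the verifier's own registry, never from the message.
    role = KEY_ROLES[msg["sender"]]
    # Methods missing from POLICY are denied by default.
    if role not in POLICY.get(msg["method"], set()):
        return False, "role %s may not call %s" % (role, msg["method"])
    return True, "ok"
```

With shared keys the receiver could forge messages itself; per-service asymmetric keys or the X.509 attribute certificates mentioned in the thread would remove that limitation.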