[openstack-dev] [nova][keystone] Message Queue Security
David Chadwick
d.w.chadwick at kent.ac.uk
Thu Apr 25 18:55:55 UTC 2013
Conventional wisdom is that you should not roll your own security but
use tried and trusted mechanisms. So what is wrong with using Kerberos?
David
On 25/04/2013 17:02, Simo Sorce wrote:
> What I am not going to do and will strongly object to is to add means to
> negotiate algorithms. If you want to go down that rabbit hole we should
> just stop trying to do our own and instead use an existing
> implementation like Kerberos and simply build APIs on top of it so it
> can be exposed via HTTP instead of the traditional stream oriented
> GSSAPI.
More information about the OpenStack-dev
mailing list