[Openstack] State of OpenStack Auth
Eric Day
eday at oddments.org
Tue Mar 1 20:59:25 UTC 2011
Well, hopefully with a shared, modular service, we can add a token
module that uses cookies instead. :)
-Eric
On Tue, Mar 01, 2011 at 09:53:36PM +0100, Soren Hansen wrote:
> On a subject of authentication, I've always been puzzled why the token
> isn't just set as a standard http cookie?
>
> If it were, it would be dead simple to render a bit of HTML and
> interact with the API directly from a web server. The EC2 API can't do
> this because of the rather complex signature mechanism, but we're so
> incredibly close, yet so depressingly far away from being able to do
> this.
>
> --
> Soren Hansen
> Ubuntu Developer http://www.ubuntu.com/
> OpenStack Developer http://www.openstack.org/
More information about the Openstack
mailing list