[Openstack] State of OpenStack Auth

Michael Barton mike-launchpad at weirdlooking.com
Wed Mar 2 16:29:18 UTC 2011

> a secure channel too, but if not attacks are less severe since they
> are limited to reply attacks only (the request and parameters are used
> as part of the signature). We can easily support both (and others),
> but we need to understand the needs and constraints of each.

HMAC is sort of appealing for Swift, since it'd let people choose to
use HTTP instead of HTTPS for data that's not sensitive.

-- Mike

More information about the Openstack mailing list