[Openstack] State of OpenStack Auth
Jorge Williams
jorge.williams at rackspace.com
Thu Mar 3 17:04:01 UTC 2011
I agree with Greg here. Signatures complicate life for our clients, they are not browser friendly, and I'm not really convinced that we need them. If we are going to have a default (and I think that we should) it should be dead simple to integrate with. I would vote for basic auth with https.
-jOrGe W.
On Mar 3, 2011, at 9:40 AM, Greg wrote:
> On Mar 2, 2011, at 8:30 PM, Jesse Andrews wrote:
>
>> I would prefer a signature based approach as the default (as signatures limits replay attacks; tokens allow an eavesdropper to make arbitrary requests if they obtain a token).
>
> On the other hand, signatures make simple things difficult, such as quick curl requests, dev testing, etc. The usual tradeoff of security and convenience.
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
More information about the Openstack
mailing list