[Openstack] State of OpenStack Auth

Jorge Williams jorge.williams at rackspace.com
Thu Mar 3 17:04:01 UTC 2011



I agree with Greg here. Signatures complicate life for our clients, they are not browser-friendly, and I'm not really convinced that we need them. If we are going to have a default (and I think that we should), it should be dead simple to integrate with. I would vote for basic auth with HTTPS.

-jOrGe W.

On Mar 3, 2011, at 9:40 AM, Greg wrote:

> On Mar 2, 2011, at 8:30 PM, Jesse Andrews wrote:
> 
>> I would prefer a signature-based approach as the default (as signatures limit replay attacks; tokens allow an eavesdropper to make arbitrary requests if they obtain a token).
> 
> On the other hand, signatures make simple things difficult, such as quick curl requests, dev testing, etc. The usual tradeoff of security and convenience.
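The replay argument quoted in this thread, as an added example that is not part of the original messages and is not OpenStack code: a server-side check for HMAC-signed requests with a timestamp window and a nonce cache, beside a bearer-token check, each given the same captured request twice. The key, the token, the 300-second window and every function name are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-shared-secret"  # constructed sample key (assumption)
TOKEN = "constructed-bearer-token"     # constructed sample token (assumption)
MAX_SKEW = 300                         # assumed validity window, in seconds

def sign(method, path, body, timestamp, nonce):
    """Client side: HMAC-SHA256 over the request, a timestamp and a nonce."""
    fields = [method, path, hashlib.sha256(body).hexdigest(), str(timestamp), nonce]
    return hmac.new(SECRET, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

class SignatureVerifier:
    """Server side: reject stale, forged or already-seen signed requests."""
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def verify(self, method, path, body, timestamp, nonce, signature, now):
        if abs(now - timestamp) > MAX_SKEW:
            return "rejected: stale timestamp"
        expected = sign(method, path, body, timestamp, nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "rejected: bad signature"
        # Nonces outside the window can be dropped: their timestamp is stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "rejected: replayed nonce"
        self.seen[nonce] = timestamp
        return "accepted"

def verify_token(token):
    """Bearer token: valid for any request, as often as it is presented."""
    ok = hmac.compare_digest(token.encode(), TOKEN.encode())
    return "accepted" if ok else "rejected: bad token"

def demo():
    """One captured request, presented again, under each scheme."""
    v, body = SignatureVerifier(), b'{"name": "vm1"}'
    sig = sign("POST", "/servers", body, 1000, "n-1")
    return {
        "signed_first": v.verify("POST", "/servers", body, 1000, "n-1", sig, now=1002),
        "signed_replay": v.verify("POST", "/servers", body, 1000, "n-1", sig, now=1010),
        "signed_late": v.verify("POST", "/servers", body, 1000, "n-1", sig, now=2000),
        "signed_reused": v.verify("DELETE", "/servers/1", b"", 1000, "n-2", sig, now=1010),
        "token_first": verify_token(TOKEN),   # POST /servers
        "token_reused": verify_token(TOKEN),  # DELETE /servers/1, same captured token
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The signature binds the credential to one method, path, body and moment, so a copy of it is useless for anything else; the token check has nothing to bind to, which is why that scheme depends entirely on the transport (HTTPS) and on token expiry.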