[Openstack] Instance IDs and Multiple Zones

Eric Day eday at oddments.org
Tue Mar 22 18:38:05 UTC 2011


On Tue, Mar 22, 2011 at 10:48:09AM -0700, Justin Santa Barbara wrote:
>    We can square the circle however - if we want numbers, let's use UUIDs -
>    they're 128 bit numbers, and won't in practice collide.  I'd still prefer
>    strings though...

If we use a number/uuid without a zone prefix, then they can
collide. What happens when I want to burst to my private cloud and
I've fixed my UUIDs to intentionally collide just to cause trouble?

Through peering and bursting we have potentially malicious users
for some deployments and we need to be sure resource ID spoofing and
poisoning is not possible. The simplest way is to have a namespace for
every zone, and the most obvious namespace is the zone name. We'll
of course need a mechanism to detect authenticity of zone names too
(signed certs, etc).

Oh, and all this discussion should not be limited to just instance
IDs; networks and volumes need to be globally addressed as well and
should follow the same mechanism.

-Eric
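
The zone-namespace argument in the message above, as an added example that is not part of the original message or of OpenStack's code: a registry keyed by bare UUID accepts a colliding ID from a peer, while one keyed by zone and local ID rejects any ID whose zone prefix differs from the authenticated sender. The class names, the `zone/local-id` format and the `home.example`/`peer.example` zone names are assumptions, and zone names are assumed to contain no `/`.

```python
import uuid


class BareRegistry:
    """Keys resources by bare UUID, so any peer zone can claim any ID."""

    def __init__(self):
        self.resources = {}

    def register(self, authenticated_zone, resource_id, record):
        # No namespace: a colliding UUID silently replaces the earlier entry.
        self.resources[resource_id] = (authenticated_zone, record)


class ZoneScopedRegistry:
    """Keys resources by (zone, local ID); the zone must be the sender's own."""

    def __init__(self):
        self.resources = {}

    def register(self, authenticated_zone, qualified_id, record):
        # authenticated_zone is assumed to come from a verified peer identity
        # (e.g. a signed certificate); that verification is out of scope here.
        zone, sep, local_id = qualified_id.partition("/")
        if not (sep and zone and local_id):
            raise ValueError("expected an ID of the form zone/local-id")
        if zone != authenticated_zone:
            raise PermissionError(f"{authenticated_zone} may not name {zone}")
        if (zone, local_id) in self.resources:
            raise KeyError(f"{qualified_id} is already registered")
        self.resources[(zone, local_id)] = record


def demo():
    same_uuid = str(uuid.UUID(int=1))  # constructed sample value
    bare = BareRegistry()
    bare.register("home.example", same_uuid, "db-server")
    bare.register("peer.example", same_uuid, "impostor")  # collision wins
    scoped = ZoneScopedRegistry()
    scoped.register("home.example", f"home.example/{same_uuid}", "db-server")
    scoped.register("peer.example", f"peer.example/{same_uuid}", "peer-vm")
    try:
        scoped.register("peer.example", f"home.example/{same_uuid}", "impostor")
        spoof_blocked = False
    except PermissionError:
        spoof_blocked = True
    return bare.resources[same_uuid], spoof_blocked, len(scoped.resources)
```

`demo()` returns the poisoned entry from the bare registry, whether the scoped registry refused the spoofed prefix, and how many distinct resources the scoped registry holds for the same UUID.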



