On 05/28/12, Jan Provaznik wrote:
> >>TODO: how to handle credentials? will the stateful app keep credentials
> >>permanently for each instance being checked?
> >
> >As much as this worries me from a security standpoint, I don't see
> >another way around this - cloud APIs generally don't allow any
> >delegation of auth.
> >
> >There's a couple more TODOs connected to credentials:
> >
> >TODO: how are credential changes handled (user revokes API Key and
> >generates a new one)? [not for the first cut]
> >
>
> We might allow update action for the Instance resource, this can then be
> easily called from Conductor.

Or we can create a SHA1 from credentials and use it to identify the hooks in
instances. Then two clients will not be able to see their hooks.

> >TODO: when are stored credentials purged? We want to make sure we get
> >rid of them as quickly as possible.
> >
>
> I would say that credentials are deleted together with the instance with
> which they are associated.

Also we need to purge them when they become invalid. Meaning when we are no
longer able to authenticate to the backend cloud.

>
> Jan

--
Michal Fojtik
Sr. Software Engineer, Deltacloud API (http://deltacloud.org)
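
A sketch of the scheme discussed in this thread, as an added example that is not part of the original message or of Deltacloud's code: hooks are scoped by a SHA1 of the credentials and purged when the instance is destroyed or the backend rejects the credentials. `HookStore`, its method names and the sample values are hypothetical.

```ruby
require 'digest'

# Hypothetical in-memory store; names are illustrative, not Deltacloud's API.
class HookStore
  Hook = Struct.new(:instance_id, :owner, :credentials)

  def initialize
    @hooks = {} # instance_id => Hook
  end

  # SHA1 over driver, user and password. Fields are length-prefixed so that
  # ("ab", "c") and ("a", "bc") cannot collapse to the same digest input.
  def self.fingerprint(driver, user, password)
    Digest::SHA1.hexdigest([driver, user, password].map { |f| "#{f.bytesize}:#{f}" }.join)
  end

  # Register a hook; the credentials are kept only as long as the hook exists.
  def add(instance_id, driver, user, password)
    owner = self.class.fingerprint(driver, user, password)
    @hooks[instance_id] = Hook.new(instance_id, owner, [user, password])
    owner
  end

  # A client sees only hooks registered with exactly the same credentials.
  def visible_to(driver, user, password)
    owner = self.class.fingerprint(driver, user, password)
    @hooks.values.select { |h| h.owner == owner }.map(&:instance_id)
  end

  # Credentials are deleted together with the instance they belong to.
  def instance_destroyed(instance_id)
    !@hooks.delete(instance_id).nil?
  end

  # Purge every hook of an owner once the backend cloud rejects its credentials.
  # Returns the number of hooks (and stored credentials) removed.
  def auth_failed(owner)
    before = @hooks.size
    @hooks.delete_if { |_, h| h.owner == owner }
    before - @hooks.size
  end

  def size
    @hooks.size
  end
end
```

With this keying, a client that presents a rotated API key gets a different fingerprint and no longer matches its old hooks, which is the open TODO about credential changes raised above.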
