On 12/08/2015 05:59 PM, Adam Young wrote:
I think it is kindof irrelevant. It can be there or not be there in the URL itself, so long as it does not show up in the service catalog. From an policy standpoint, having the project in the URL means that you can do an access control check without fetching the object from the database; you should, however, confirm that the object return belongs to the project at a later point.
from the policy standpoint does it matter if the project id appears in the url or in the headers?
mike __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
