On 05/16/2017 12:01 PM, Sean Dague wrote: > After the forum session on logging, we came up with what we think is an > approach here for global request ids - > https://review.openstack.org/#/c/464746/ - it would be great of > interested operators would confirm this solves their concerns. > > There is also an open question. A long standing concern was "trusting" > the request-id, though I don't really know how that could be exploited > for anything really bad, and this puts in a system for using service > users as a signal for trust. > > But.... the whole system is a lot easier, and comes together quicker, if > we don't have that. For especially public cloud users, are there any > concerns that you have in letting users set Request-Id (assuming you'll > also still have a 2nd request-id that's service local and acts like > request-id today)?
FYI, right now CERN and Godaddy expressed that they don't need strong trust validation on these ids (as long as they are validated to look like a uuid, so no injection concerns). We've had no people providing rationale on the original fears around doing that. So unless I hear something in the next 24 hours we'll update the spec to drop that part. -Sean -- Sean Dague http://dague.net _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators