On Mon, Apr 18, 2011 at 12:15 PM, Eric Day <[email protected]> wrote: > We'll also want to decide if we need a default mechanism for > OpenStack deployments, and if so, what should it be. We had a > discussion previously and I think it was somewhere between token > and HTTP basic w/ SSL. The reason for this is we need to make sure > different deployments are compatible.
I'm still gonna argue for key signing to be a first-class auth scheme. It enables things that can't be done with token or basic auth, like signed URLs and unencrypted requests. Both of these are desirable for Swift, at the least. It kind of sucks that key signing (as least as implemented by the EC2/S3 API) requires a key to be available to both sides in plaintext. Public key crypto is one way to fix that, but I don't really know how practical that is. -- Mike Barton _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
