deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Koper, Dies" <>
Subject RE: authentication with certificates
Date Thu, 01 Mar 2012 23:15:29 GMT
Hi David,

> The size issue is troublesome - by default, Apache limits headers to
> We'd need to get a good idea on how big the headers will become, and
> document that people will have to bump the corresponding config
> on their servers.

My certificate is 6Kb when converted to PEM. I suppose it could be more
for other regions, depending on the number of intermediate certificates
that are included.
I couldn't find the limit for Thin.

> Yes, I agree that that seems the best route. Longer term, option 2
> be hugely preferrable. If that is not possible, we can think about
> adding some sort of 'authenticate' API call, that lets the user upload
> their key material. In return they'd get a username/password for
> subsequent requests. It would of course require that the key material
> stored on the DC server ...

I like that third option. At least once the user has uploaded the key
material (a one-time thing), they can use the API in the same way as for
other providers.

> > What do you think? Do you have an idea of how most users deploy
> > DeltaCloud server, locally or on a shared machine?
> Both, and it doesn't really matter: users have to trust the DC server
> they talk to for all servers. Whether they trust a DC server is a
> of whether they trust whoever is running that server, and will vary
> user to user.

Well, I trust my sysadmin to host DC on his servers and keep it running.
I also trust he's not interested enough in my cloud stuff to bother
using my certificate. Colleagues however, may like to "borrow" mine when
they don't have access to something I have access to ;)

Thanks a lot, I'll proceed with option 1 for now.

View raw message