deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michal Fojtik <mfoj...@redhat.com>
Subject Re: cloud state requirements
Date Mon, 28 May 2012 13:00:16 GMT
On 05/28/12, Jan Provaznik wrote:
> >>TODO: how to handle credentials? will the stateful app keep credentails
> >>permanently for each instance being checked?
> >
> >As much as this worries me from a security standpoint, I don't see
> >another way around this - cloud API's generally don't allow any
> >delegation of auth.
> >
> >There's a couple more TODO's connected to credentials:
> >
> >TODO: how are credentials changes handled (user revokes API Key and
> >generates a new one) ? [not for the first cut]
> >
> 
> We might allow update action for the Instance resource, this can then be
> easily called from Conductor.

Or we can create a SHA1 from credentials and use it to identify the hooks
in instances. Then two clients will not be able to see their hooks.

> >TODO: when are stored credentials purged ? We want to make sure we get
> >rid of them as quickly as possible.
> >
> 
> I would say that credentials are deleted together with the instance with
> which they are associated.

Also we need to purge them when they become invalid. Mean when we are not
longer able to authenticate to backend cloud.

> 
> Jan

-- 
Michal Fojtik
Sr. Software Engineer, Deltacloud API (http://deltacloud.org)

Mime
View raw message