There seems to be a need to stand up api servers inside the firewall which can perform privileged operations.
I had mentioned that this sort of sandboxing should be performed by the normal RBAC capabilities of the auth system. But others would rather draw hard lines in what is available to the public API in the event of a breach.
Hope it helps!
-S
________________________________________
From: <email address hidden> [<email address hidden>] on behalf of Soren Hansen [<email address hidden>]
Sent: Wednesday, November 24, 2010 4:01 AM
To: <email address hidden>
Subject: Re: [Merge] lp:~sandy-walsh/nova/admin-only-api into lp:nova
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at <email address hidden>, and delete the original message.
Your cooperation is appreciated.
There seems to be a need to stand up api servers inside the firewall which can perform privileged operations.
I had mentioned that this sort of sandboxing should be performed by the normal RBAC capabilities of the auth system. But others would rather draw hard lines in what is available to the public API in the event of a breach.
Hope it helps!
-S
_______ _______ _______ _______ _______ _____
From: <email address hidden> [<email address hidden>] on behalf of Soren Hansen [<email address hidden>]
Sent: Wednesday, November 24, 2010 4:01 AM
To: <email address hidden>
Subject: Re: [Merge] lp:~sandy-walsh/nova/admin-only-api into lp:nova
I'm curious what the motivation is?
-- www.ubuntu. com/ www.openstack. org/ /code.launchpad .net/~sandy- walsh/nova/ admin-only- api/+merge/ 41666
Soren Hansen
Ubuntu Developer http://
OpenStack Developer http://
https:/
You are the owner of lp:~sandy-walsh/nova/admin-only-api.
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at <email address hidden>, and delete the original message.
Your cooperation is appreciated.