Comment 8 for bug 732907
Revision history for this message
| Eric Day (eday) wrote Re: [Bug 732907] Re: OpenStack and EC2 APIs use different usernames and passwords | #8 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
On Fri, Mar 11, 2011 at 09:35:22AM -0000, justinsb wrote:
> I think Ewan nailed the explanation - it's a terrible user experience.
> In the absence of a solid technical reason, I just don't understand why
> we would want to do that.
The main reason I'm aware is so you can generate multiple access
keys/secrets for the same account (tied to a single user/pass). This
allows you to hand out access keys to various places (management
websites, tools, etc.) and revoke those access keys if needed should
something happen to just a single tool. This doesn't require changing
your password everywhere. The same thing can be accomplished with
proper user management within a single account, it's just another
way of looking at the same problem.
If we go with token based auth, this may be a bit more difficult
since OS can lookup the token, but EC2 would not use the token (it
needs key and secret for signature). So some clients would be need
to use ec2 style and others would simply have a token. All things to
discuss at the summit probably as we figure out the auth plan.
-Eric