Comment 12 for bug 1308413
Revision history for this message
| Erno Kuvaja (jokke) wrote Re: TENANT2 can list the image belonging to TENANT1 while using v2 api with registry | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
My point of view to the situation is that Security is based on 3 base components:
1) Authentication: Verifying that the requestor is who it/(s)he is claming to be
2) Authorization: What that instance is allowed to see/do
3) Enforcement: Making sure that the previous is followed
For us the Keystone is taking care of the first part. If for any reason Keystone or what ever is handling our Authentication does not provide us the details needed to fulfill the two last points we should not assume that we will give everything out. After all Glance is responsible for the Authorization and Enforcement.
I do not think the operators of OpenStack clouds would be too pleased if potential bug in our Authentication would expose all images to the requestor. Ofcourse this is decision that has been/needs to be made if we want to default the behavior to allow all and communicated accordingly. Then the behavior should also be consistent regardless if API server is using sqlalchemy or registry as back end. This is not the case currently.