[occi-wg] OCCI Security
Michael Behrens
michael.behrens at r2ad.com
Thu Aug 27 22:10:01 CDT 2009
I noticed that a security section is needed in the doc.
I'm not a security expert, however I like how Rackspace cloud modeled their security as it starts with an authentication URI which returns in the response a session unique access URI for all subsequent service calls (assuming the authentication was successful). This creates a session of sorts which will expire after a time or could end upon request I believe.
I noticed that the Sun Cloud API takes a different approach which requires basic authentication for every request.
Anyway - just wanted to make sure we get something captured in this area. Since the RackSpace APIs are open now (right?) - there model might be good to examine (as well as others of course).
http://www.rackspacecloud.com/cloud_hosting_products/servers/api
http://kenai.com/projects/suncloudapis/pages/CommonBehaviors
Michael Behrens
R2AD, LLC
(571) 594-3008 (cell)
(703) 714-0442 (land)
More information about the occi-wg
mailing list