Adam Young admiyo
package com.younglogic.dictionary;

import java.util.Dictionary;
import java.lang.reflect.Constructor;
import java.lang.reflect.Executable;
import java.lang.reflect.Parameter;

public class User {
    // class body is cut off in this gist preview; closed here so the file compiles
}
A Q&A done in email. Questions are mine, answers are from termie
ayoung: The immediate thing that jumps out to me as an improvement over trusts is that it standardizes the way that the remote service requests the set of roles. That was something that I punted on. I mean, beyond actually using a standard protocol. If I understand it correctly, Trusts is really just an implementation of the second half of OAuth, from steps 1e onward. The terms used are different, and Trusts doesn't work for non-Keystone services.
From a security standpoint, nothing jumps out at me as being a weakness in the description. A couple details we should make explicit:
The most pressing need we have is for delegation internal to OpenStack, when a service that is itself authenticated to Keystone needs to fetch something for a user out of Glance, and the user is not available at that time. I think this is what you mean by "If you are just giving a service you are already running access" and by skip to the end it w
Plan for Signed tokens.
1. By default, disable PKI signed tokens.
2. Ensure that the auth_token middleware falls back to online validation if the key is <= 32 chars.
3. Make sure that once we enable signed tokens, hashed tokens continue to work until they are timed out.
4. When upgrading the database, maintain all of the hashed tokens.
5. Once the signed tokens code has been accepted and somewhat tested, switch the default to enable PKI signed tokens.
Since I won't be able to attend today's meeting:
The work for signed tokens is well under way. I've submitted patches for PKI tokens, but they will never get through Jenkins. As such, I just submitted
https://review.openstack.org/#/c/8932/
which can be used to generate the keys and certs required.
Once this is in, we will need a change to CI in order to call this code prior to running the integration tests.
{
"error": null,
"id": 8,
"result": {
"result": {
"attributelevelrights": {
"aci": "rsc",
"audio": "rsc",
"businessCategory": "rsc",
"carLicense": "rsc",
require 'rubygems'
require 'libxml'
include LibXML

module JPPRepo
  $jpprepo = nil

  class ArchiveDef
    # class body is cut off in this gist preview; closed here so the file parses
  end
end
[ayoung@ayoung buildr-1.3.5]$ diff -Nurd /usr/lib/ruby/gems/1.8/gems/buildr-1.3.5/lib/buildr/packaging/artifact.rb ./lib/buildr/packaging/artifact.rb
--- /usr/lib/ruby/gems/1.8/gems/buildr-1.3.5/lib/buildr/packaging/artifact.rb 2010-04-02 11:01:20.000000000 -0400
+++ ./lib/buildr/packaging/artifact.rb 2010-04-16 16:38:01.287801317 -0400
@@ -341,6 +341,7 @@
protected
+
# :call-seq:
# download
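Review bot: the only `+` line visible in this hunk is an empty line inserted after `protected`, so as shown the change is whitespace-only and adds nothing to `artifact.rb`; the header `@@ -341,6 +341,7 @@` promises seven new-side lines but only four appear here, so the rest of the hunk is needed before the substantive change (if any) can be reviewed, and a purely whitespace hunk should be dropped to keep the patch minimal.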
repositories.local = "m2/repository"
module JPPRepo
def build_path(group_path, id, version, name)
# return "#{group_path}/#{id}/#{version}/#{File.basename(name)}"
return "HA HA I BORKED IT"
end
end
<consumer>
<facts>
<id>3</id>
<metadata/>
</facts>
<id>3</id>
<idCert>
<id>3</id>
cat consumer.json
{"consumer": {
"type": {'label': 'virt_system'},
"name": 'deleteme',
"facts": {
"metadata": 'Hardware'
}
}
}