From: Radoslaw Zarzynski <rzarzynski@mirantis.com>
To: Pritha Srivastava <prsrivas@redhat.com>
Cc: Casey Bodley <cbodley@redhat.com>,
The Sacred Order of the Squid Cybernetic
<ceph-devel@vger.kernel.org>
Subject: Re: rgw: feedback on auth engine selection
Date: Fri, 9 Sep 2016 17:43:09 +0200 [thread overview]
Message-ID: <CA+H5UW2z3AhZHnJTVb_DYYRMHmMD4Krp=p1hxu9U-w5u6Z3O7w@mail.gmail.com> (raw)
In-Reply-To: <513084813.83123312.1473355275673.JavaMail.zimbra@redhat.com>
On Thu, Sep 8, 2016 at 7:21 PM, Pritha Srivastava <prsrivas@redhat.com> wrote:
> One more requirement to add to the list:
>
> - In case of AWS, two different methods (RGWPostObj_ObjStore_S3::get_policy() and RGW_Auth_S3::authorize), will be making use of the Auth Engines to authenticate a request and the auth key extraction method will be different for both of them. The auth infrastructure needs to take care of this.
Hi Pritha,
Thanks for pointing this out! FormPost implementations
in both S3 (RGWPostObj) and Swift require workflow
very similar to AWS v4. They need to parse fragments
of HTTP body to verify form's integrity (using signature)
before making the ultimate decision whether a request
is authenticated or not.
I think that after extending the infrastructure to cover
AWSv4 we would be also able to:
1. eradicate the get_policy() method of RGWPostObj,
2. avoid implementing similar thing in Swift's FormPost.
Regards,
Radek
next prev parent reply other threads:[~2016-09-09 15:43 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <e2a2e0c9-51e7-b703-2c8d-7b489d4e8994@redhat.com>
2016-09-07 17:19 ` rgw: feedback on auth engine selection Radoslaw Zarzynski
2016-09-07 21:05 ` Casey Bodley
2016-09-08 17:19 ` Radoslaw Zarzynski
2016-09-08 18:23 ` Casey Bodley
2016-09-12 9:48 ` Radoslaw Zarzynski
2016-09-12 18:35 ` Casey Bodley
2016-09-08 21:05 ` Matt Benjamin
2016-09-08 17:21 ` Pritha Srivastava
2016-09-09 15:43 ` Radoslaw Zarzynski [this message]
2016-09-07 21:09 ` Casey Bodley
2016-09-08 15:46 ` Radoslaw Zarzynski
2016-09-08 20:49 ` Casey Bodley
2016-09-11 23:20 ` Radoslaw Zarzynski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+H5UW2z3AhZHnJTVb_DYYRMHmMD4Krp=p1hxu9U-w5u6Z3O7w@mail.gmail.com' \
--to=rzarzynski@mirantis.com \
--cc=cbodley@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=prsrivas@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.