On 05/09/2012 08:36 AM, Doug Hellmann wrote: > > > On Tue, May 8, 2012 at 8:43 PM, Nick Barcet <nick.bar...@canonical.com > <mailto:nick.bar...@canonical.com>> wrote: > > On 05/08/2012 11:39 AM, Doug Hellmann wrote: > [..] > > * Requests must be authenticated (separate from keystone, or > only linked > > to accounting type account) > > > > > > What is the motivation for authenticating with a service other than > > keystone? > > The only thing I am trying to express here is that that profiles that > have access to other OpenStack components should not necessarily have > access to metering information. This information should be accessible > only a few select users which group may or may not intersect with users > stored in Keystone already. > > > I see. Is it enough to say that the API is meant for "admin" users only, > or does that still imply more access than we want to grant?
I don't see the point to try to restrict admins from this, as it would be mostly pointless in the end, but I do see the need to define a type of account which only right is to consult this information without any other privilege. Nick
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp