On 16/05/17 01:06, Colleen Murphy wrote:
Additionally, I think OAuth - either extending the existing OAuth1.0 plugin or implementing OAuth2.0 - should probably be on the table.
I believe that OAuth is not a good fit for long-lived things like an application needing to communicate with its own infrastructure. Tokens are (a) tied to a user, and (b) expire, neither of which we want. Any use case where you can't just drop the user into a web browser and ask for their password at any time seem to be, at a minimum, excruciatingly painful and often impossible with OAuth, because that is the use case it was designed for.
cheers, Zane. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
