I would actually like to see us downcase, (ASCII downcase, anyway), the role 
names when they are created.  Then we will not get into trouble when 
interfacing with case-insensitive systems -- the question of case will never 
come up.

Case sensitive comparisons are less code and run faster, so they should be 
preferred for that reason.  People will tend to write case sensitive code 
without thinking about it, so a policy of case-insensitive comparison could 
lead to a world with more bugs.

I think case and security are mostly orthogonal.

Cheers,
Tim


On Jun 8, 2012, at 3:34 PM, Brian Waldon wrote:

> I guess I'm looking at this from more of a purist development point of view: 
> 'Admin' and 'admin' just can't be equal. If I think of this as comparing 
> roles, where a role is an abstract concept, case-insensitivity makes more 
> sense. A string is simply being used to represent the role, where the intent 
> of the role is what really needs to be compared.
> 
> My goal here is to get everybody on board with a single approach and apply it 
> across all projects. I don't *really* care too much which approach we take.
> 
> Waldon
> 
> On Jun 8, 2012, at 3:27 PM, Kiall Mac Innes wrote:
> 
>> Sure - The most obvious reason is human error leading to a security hole. 
>> E.g. Accidentally assigning a user "Admin" when you really meant to assign 
>> "admin".
>> 
>> Treating roles as case insensitive helps prevent this kind of human error.
>> 
>> What advantages does allowing distinct "Admin" and "admin" roles provide?
>> 
>> Thanks,
>> Kiall
>> 
>> Sent from my phone.
>> 
>> On Jun 8, 2012 11:20 p.m., "Brian Waldon" <brian.wal...@rackspace.com> wrote:
>> Can you explain why?
>> 
>> On Jun 8, 2012, at 3:18 PM, Kiall Mac Innes wrote:
>> 
>>> No, I'm suggesting they should all be treated as a single role. I.e. roles 
>>> should be case insensitive.
>>> Thanks,
>>> Kiall
>>> 
>>> Sent from my phone.
>>> 
>>> On Jun 8, 2012 11:16 p.m., "Brian Waldon" <brian.wal...@rackspace.com> 
>>> wrote:
>>> I'm suggesting we support only a single representation of a role across all 
>>> projects: 'admin', 'Admin', and 'admIn' would be three separate roles.
>>> 
>>> Are you suggesting otherwise?
>>> 
>>> On Jun 8, 2012, at 3:14 PM, Kiall Mac Innes wrote:
>>> 
>>>> What's the argument for allowing both, for example, "admin", "Admin" and 
>>>> "admIn" roles?
>>>> 
>>>> This seems like one place where case insensitive makes the most sense.
>>>> 
>>>> Thanks,
>>>> Kiall
>>>> 
>>>> Sent from my phone.
>>>> 
>>>> On Jun 8, 2012 11:01 p.m., "Joseph Suh" <j...@isi.edu> wrote:
>>>> I'd vote case-sensitive.
>>>> 
>>>> Joseph
>>>> 
>>>> ----
>>>> (w) 703-248-6160
>>>> (c) 571-340-2434
>>>> (f) 703-812-3712
>>>> 3811 N. Fairfax Drive Suite 200
>>>> Arlington, VA, 22203, USA
>>>> http://www.east.isi.edu/~jsuh
>>>> 
>>>> ----- Original Message -----
>>>> From: "Brian Waldon" <brian.wal...@rackspace.com>
>>>> To: "openstack@lists.launchpad.net (openstack@lists.launchpad.net)" 
>>>> <openstack@lists.launchpad.net>
>>>> Sent: Friday, June 8, 2012 5:50:45 PM
>>>> Subject: [Openstack] Comparing roles - case (in)sensitivity
>>>> 
>>>> 
>>>> 
>>>> tl;dr - Should we compare roles as case-sensitive or case-insensitive? I 
>>>> vote case-sensitive.
>>>> 
>>>> This bug was recently filed in Glance: 
>>>> https://bugs.launchpad.net/glance/+bug/1010519 . It points out that Nova 
>>>> and Keystone are both case-insensitive when it comes to role comparison, 
>>>> yet Glance *is* case sensitive. I'm in favor of moving other projects to a 
>>>> case-sensitive approach for two main reasons:
>>>> 
>>>> 
>>>> 1) If a role is a string, and comparing strings is inherently 
>>>> case-sensitive, then role comparison would logically be case-sensitive
>>>> 2) I get to do less work
>>>> 
>>>> 
>>>> 
>>>> Thoughts?
>>>> 
>>>> 
>>>> Brian Waldon
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to     : openstack@lists.launchpad.net
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help   : https://help.launchpad.net/ListHelp
>>>> 
>>> 
>> 
> 



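Added example, not part of the original thread and not OpenStack code: a sketch of the "ASCII downcase at creation, then compare case-sensitively" proposal, next to the mismatch between an exact check (the Glance behaviour described) and a case-folding check (the Nova/Keystone behaviour described). `normalize_role`, `RoleStore` and the `has_role_*` helpers are hypothetical names, and the role values are constructed.

```python
import string

# ASCII-only table: A-Z -> a-z; every other code point is left untouched.
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def normalize_role(name: str) -> str:
    """Canonical form stored at role-creation time (hypothetical helper)."""
    return name.translate(_ASCII_LOWER)


class RoleStore:
    """Toy in-memory role store; names are normalized once, on the way in."""

    def __init__(self):
        self._roles = set()

    def create(self, name: str) -> str:
        canonical = normalize_role(name)
        if canonical in self._roles:
            # 'Admin' after 'admin' is a duplicate, not a second role.
            raise ValueError(f"role {canonical!r} already exists")
        self._roles.add(canonical)
        return canonical


def has_role_exact(user_roles, required):
    """Case-sensitive membership check."""
    return required in user_roles


def has_role_folded(user_roles, required):
    """Case-insensitive membership check using Unicode lower()."""
    return required.lower() in {r.lower() for r in user_roles}


def demo():
    # Constructed input: a role assigned as "Admin" with no normalization.
    raw = ["Admin"]
    mismatch = (has_role_exact(raw, "admin"), has_role_folded(raw, "admin"))
    # Same assignment routed through the store: both checks now agree.
    stored = [RoleStore().create("Admin")]
    agree = (has_role_exact(stored, "admin"), has_role_folded(stored, "admin"))
    return mismatch, agree


if __name__ == "__main__":
    print(demo())
```

The ASCII-only table matters: Python's `str.lower()` maps U+212A (KELVIN SIGN) to `k`, so a Unicode-aware downcase can make a non-ASCII name collide with an ASCII role, while `normalize_role` leaves it distinct.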