On Mar 2, 2011, at 8:30 PM, Jesse Andrews wrote: > I would prefer a signature based approach as the default (as signatures > limits replay attacks; tokens allow an eavesdropper to make arbitrary > requests if they obtain a token).
On the other hand, signatures make simple things difficult, such as quick curl requests, dev testing, etc. The usual tradeoff of security and convenience. _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
