1041590 – [RFE][swift]: Object ACLs support

Bug 1041590 - [RFE][swift]: Object ACLs support

Summary: [RFE][swift]: Object ACLs support

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	RFEs
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	RHOS Maint
QA Contact:
Docs Contact:
URL:	https://blueprints.launchpad.net/swif...
Whiteboard:	upstream_milestone_none upstream_stat...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-12 18:07 UTC by RHOS Integration
Modified:	2015-03-19 17:23 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-19 17:23:19 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-12 18:07:40 UTC

Cloned from launchpad blueprint https://blueprints.launchpad.net/swift/+spec/object-acls.

Description:

Evaluate what (if any) can be offered as Object ACLs on top of the container ACLs 
Thoughts coming up from the summit:
1. Check Container ACLs first, if ok, and if object ACLs exists, also check object ACLs

2. Consider implications of checking Object ACLs at the Object Server (using auth middleware at the object server)
     Note this means that each object server checks the ACLs individually and that we check later in the game. 
     Consider offering read ACLs but without write ACLs, to avoid cases in which object server are unaligned leading to undefined states.

3. Consider alternative to 2, checking  the ACLs at the proxy after the call have been made - this works for GET but not for modify (DELETE/PUT/POST). 


Specification URL (additional information):

None

Note You need to log in before you can comment on or make changes to this bug.