[Maas-devel] State of RPC registration and security #2
Gavin Panella
gavin.panella at canonical.com
Fri Oct 10 10:52:05 UTC 2014
On 10 October 2014 11:04, Andres Rodriguez <...> wrote:
...
> What was discussed this week is that the cluster page should be able
> to generate a token and use that token to tell the cluster to register
> to the region. We can have a show shared secret or token that will be
> used for registration. The command line should also be there but also
> UI.
Yeah, we discussed that earlier this week, but I've had time to think
since then. Transmitting the secret over the network even for the web UI
seriously diminishes the trust we can place in that secret. I think we
should discuss this before doing it, because once it's done it can't be
undone.
...
> What was discussed this week was essentially creating a token on the
> Region Cluster Page, and use that token to register the cluster with
> the region. The shared secret seems to be this token for the time
> being. Right?
It is that token, yes.
More information about the Maas-devel
mailing list