)]}'
{"specs/kilo/basic-auth.rst":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3df17b924e0535ea3b3e0a9342d85ee8eed4d421","unresolved":false,"context_lines":[{"line_number":5,"context_line":" http://creativecommons.org/licenses/by/3.0/legalcode"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":8,"context_line":"Example Spec - The title of your blueprint"},{"line_number":9,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":10,"context_line":""},{"line_number":11,"context_line":"`bp basic-auth \u003chttps://blueprints.launchpad.net/keystone/+spec/basic-auth\u003e`_"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9aa7fdbe_aff3fa08","line":8,"updated":"2014-10-20 15:31:27.000000000","message":"Replace this with the title of your spec","commit_id":"cac02806bad7ed9eddbca3ecfcd51613ac529b28"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3df17b924e0535ea3b3e0a9342d85ee8eed4d421","unresolved":false,"context_lines":[{"line_number":20,"context_line":"Keystone uses a token for most operations.  However, the mechanism for"},{"line_number":21,"context_line":"requesting a token when using a password is not a standard authentication"},{"line_number":22,"context_line":"mechanism in HTTP.  Using Basic-Auth allows operations that require"},{"line_number":23,"context_line":"authentication to proceed without the user first requesting a token.  In Doing"},{"line_number":24,"context_line":"so, it removes many of the use cases that require Unscoped tokens."},{"line_number":25,"context_line":""},{"line_number":26,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"9aa7fdbe_8fd55645","line":23,"updated":"2014-10-20 15:31:27.000000000","message":"doing*","commit_id":"cac02806bad7ed9eddbca3ecfcd51613ac529b28"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3df17b924e0535ea3b3e0a9342d85ee8eed4d421","unresolved":false,"context_lines":[{"line_number":30,"context_line":"Allow a user to pass user-id and password via Basic-Auth for operations, and"},{"line_number":31,"context_line":"consider that operation authenticate just as if the user had passed in an"},{"line_number":32,"context_line":"unscoped token."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Alternatives"},{"line_number":36,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9aa7fdbe_2fbe2a00","line":33,"updated":"2014-10-20 15:31:27.000000000","message":"Deprecation plan for unscoped tokens?","commit_id":"cac02806bad7ed9eddbca3ecfcd51613ac529b28"},{"author":{"_account_id":2218,"name":"Adam Young","email":"adam@younglogic.com","username":"ayoung"},"change_message_id":"70084c2d040800e1b9c6c2f928f23e7ecc8c3f52","unresolved":false,"context_lines":[{"line_number":30,"context_line":"Allow a user to pass user-id and password via Basic-Auth for operations, and"},{"line_number":31,"context_line":"consider that operation authenticate just as if the user had passed in an"},{"line_number":32,"context_line":"unscoped token."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"Alternatives"},{"line_number":36,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"7a8c0949_8f8623b8","line":33,"in_reply_to":"9aa7fdbe_2fbe2a00","updated":"2014-11-01 01:19:31.000000000","message":"I think that is a larger discussion.  Maybe, but more than this spec would be needed.","commit_id":"cac02806bad7ed9eddbca3ecfcd51613ac529b28"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3df17b924e0535ea3b3e0a9342d85ee8eed4d421","unresolved":false,"context_lines":[{"line_number":36,"context_line":"------------"},{"line_number":37,"context_line":""},{"line_number":38,"context_line":"One alternative, that will likely also be done in future work, is to let"},{"line_number":39,"context_line":"Apache HTTPD  deal with User-Id and password via a moduler that performs"},{"line_number":40,"context_line":"Basic-Auth, and to make Keystone handle simple REMOTE_USER.  However, this"},{"line_number":41,"context_line":"spec will provide a mechanism that works for both Apache HTTPD and Eventlet."},{"line_number":42,"context_line":""}],"source_content_type":"text/x-rst","patch_set":2,"id":"9aa7fdbe_af413a0d","line":39,"updated":"2014-10-20 15:31:27.000000000","message":"module*?","commit_id":"cac02806bad7ed9eddbca3ecfcd51613ac529b28"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"3df17b924e0535ea3b3e0a9342d85ee8eed4d421","unresolved":false,"context_lines":[{"line_number":95,"context_line":"  proposed (for example a flag that other hypervisor drivers might want to"},{"line_number":96,"context_line":"  implement as well)? Are the default values ones which will work well in"},{"line_number":97,"context_line":"  real deployments?"},{"line_number":98,"context_line":"* Basic-Auth woill be implemented as a separate, optional middleware."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"* Is this a change that takes immediate effect after its merged, or is it"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9aa7fdbe_af0f7ae0","line":98,"updated":"2014-10-20 15:31:27.000000000","message":"will*","commit_id":"cac02806bad7ed9eddbca3ecfcd51613ac529b28"},{"author":{"_account_id":4,"name":"Dolph Mathews","email":"dolph.mathews@gmail.com","username":"dolph"},"change_message_id":"a39dd48280fcbe709acfa5036e6c6b1f56b664c5","unresolved":false,"context_lines":[{"line_number":38,"context_line":"One alternative, that will likely also be done in future work, is to let"},{"line_number":39,"context_line":"Apache HTTPD  deal with User-Id and password via a module that performs"},{"line_number":40,"context_line":"Basic-Auth, and to make Keystone handle simple REMOTE_USER.  However, this"},{"line_number":41,"context_line":"spec will provide a mechanism that works for both Apache HTTPD and Eventlet."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"Security Impact"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3a961159_fd9e5e62","line":41,"updated":"2014-12-17 21:57:04.000000000","message":"this entire spec hinges on some desire to support basic auth with eventlet -- what is the reasoning behind supporting basic auth + eventlet?","commit_id":"cd2dd72fb0e0c60f9cf9c9463f5b2599695fe383"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1f4b1d41b0cf0d4b25d9c1f02946b4d729b04202","unresolved":false,"context_lines":[{"line_number":46,"context_line":""},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"* Does this change touch sensitive data such as tokens, keys, or user data?"},{"line_number":49,"context_line":"* Yes, it replcease unscoped token with Basic-Auth in some contexts."},{"line_number":50,"context_line":""},{"line_number":51,"context_line":""},{"line_number":52,"context_line":"* Does this change alter the API in a way that may impact security, such as"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5a890539_8e7409d0","line":49,"updated":"2014-12-02 20:43:03.000000000","message":"replaces* tokens* . We will still have to support unscoped tokens, no?","commit_id":"cd2dd72fb0e0c60f9cf9c9463f5b2599695fe383"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1f4b1d41b0cf0d4b25d9c1f02946b4d729b04202","unresolved":false,"context_lines":[{"line_number":61,"context_line":""},{"line_number":62,"context_line":"* Does this change involve using or parsing user-provided data? This could"},{"line_number":63,"context_line":"  be directly at the API level or indirectly such as changes to a cache layer."},{"line_number":64,"context_line":"* Yes, the Basic-Auth data must be paresed from the HTTP request."},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"* Can this change enable a resource exhaustion attack, such as allowing a"},{"line_number":67,"context_line":"  single API interaction to consume significant server resources? Some examples"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5a890539_0e373900","line":64,"updated":"2014-12-02 20:43:03.000000000","message":"parsed*","commit_id":"cd2dd72fb0e0c60f9cf9c9463f5b2599695fe383"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"1f4b1d41b0cf0d4b25d9c1f02946b4d729b04202","unresolved":false,"context_lines":[{"line_number":149,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":150,"context_line":""},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"https://review.openstack.org/#/c/92137/"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5a890539_f1ff32ff","line":152,"updated":"2014-12-02 20:43:03.000000000","message":"Turn this into a link in .rst?","commit_id":"cd2dd72fb0e0c60f9cf9c9463f5b2599695fe383"}]}