Is there a group or role that all cloud service users are a member of which can be used to authorize to those requests which have been authenticated to have that membership?
Do the service users themselves *need* access to this images or are the requests always made on their behalf through a proxy service (i.e. glance).
Has there been any archeology done on this? Did the original implementer of those public acl's mis-understand these implications or is this a well know, not terribly harmful/dangerous, yet in some deployments undesirable behavior?
If all cloud users already have access to the data - isn't already more or less "public" should they chose to share it?
Is there a group or role that all cloud service users are a member of which can be used to authorize to those requests which have been authenticated to have that membership?
Do the service users themselves *need* access to this images or are the requests always made on their behalf through a proxy service (i.e. glance).
Has there been any archeology done on this? Did the original implementer of those public acl's mis-understand these implications or is this a well know, not terribly harmful/dangerous, yet in some deployments undesirable behavior?
If all cloud users already have access to the data - isn't already more or less "public" should they chose to share it?