Comment 5 for bug 1354512

Is there a group or role that all cloud service users are a member of which can be used to authorize to those requests which have been authenticated to have that membership?

Do the service users themselves *need* access to this images or are the requests always made on their behalf through a proxy service (i.e. glance).

Has there been any archeology done on this? Did the original implementer of those public acl's mis-understand these implications or is this a well know, not terribly harmful/dangerous, yet in some deployments undesirable behavior?

If all cloud users already have access to the data - isn't already more or less "public" should they chose to share it?