[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend



On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> The following patch implements a secure XML-RPC protocol for Xend.  
> Instead of using HTTPS with basic authentication and dealing with all 
> that nasty OpenSSL/PAM integration, it just uses SSH.  This gives you 
> all the properties you want (great security and PAM integration) with 
> very little code.

Are there any plans to make the XML-RPC interface easily accessable for
things other than xm?  Although HTTPS (I'd use client certs rather than
basic auth, but that's even worse from a PAM integration PoV) is more
overhead, it's at least platform-independent.  I've been doing a bit of
poking into using XML-RPC to control Xend from Ruby, and it's a hassle. 
Adding an SSH tunnel layer over the top is going to be even more of a
nightmare.

My workaround at the moment is to create a higher-level interface to control
Xend -- it's SOAP over HTTPS (with client certs to perform authentication
and, eventually, authorization).  I'm using SOAP simply because it's got
WSDL.  The interface is a lot simpler (very, very few S-expressions to deal
with), so it'll probably still exist even if Xend gets a more advanced
XML-RPC layer, but it'd save me some fiddling if I could poke Xend's XML-RPC
securely without needing to grub around for a Unix socket.

- Matt

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.