Image authorization within cloud interfaces
|Assignee:||Daniel Molina||% Done:|
|Target version:||Release 2.0|
currently the EC2 and OCCI cloud interfaces seem to work like this:
- A user can list the images uploaded herself, meanwhile images uploaded by another
user don't show up within the image list.
- However if a user knows the image id of an image uploaded by someone else she
can use it to create a new vm.
From my point of view (in its simplest form) the image authorization might/should
follow the authorization schema implemented by virtual networks, eg.:
- It would be useful to enable shared images, eg. to let users to use images
uploaded by oneadmin. What's more it would be handy to show such images in the
interface, too (eg. econe-describe-images and occi-storage).
- However it might provide more privacy, if the system prevented users from using
images uploaded by other regular users.