XML-RPC authentication options for the validation dashboard
james.westby at linaro.org
Sat Sep 4 19:31:32 BST 2010
On Sat, 04 Sep 2010 18:32:30 +0200, Zygmunt Krynicki <zygmunt.krynicki at linaro.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hello guys.
> I'd like to ask for your advice in for implementing authentication
> mechanism for the XML-RPC interface to the dashboard. I believe this
> problem has two aspects: user needs and client program needs. I was
> about to implement HTTP Digest authentication that will authorize the
> user against the Django user database. James pointed out that we should
> discuss this topic more. I'd like to know what you think.
> What users need to have.
> I think that for our internal use cases a best option would be launchpad
> integration. We don't mind using launchpad, we already have accounts
That works for now, yes. That's a distinct question from the auth
mechanism of the API though. We can use openid for users to authenticate
themselves via LP, or any openid provider as we like. We can then choose
an authentication mechanism basically independent of that for the
> We could use oauth for authentication. I'm not an expect on oauth
> so I'm not sure what kind of impact it has on the API itself, if any (do
> we need to pass some special argument to each call?). I suspect it has a
> negotiation phase where the client and oauth provider exchange some
> messages after which the client can authenticate by providing some extra
> header in each request. In any way that's one option.
That's correct. There are no changes to the API needed.
The main difference to digest is that you don't give your password to
the app, you give it a token that stands in for your password, but can
be revoked independently of your password. There are other ways to do
that than oauth.
> For a centralized installation this would be pretty good. For ad-hoc
> installations it could be difficult to setup but I'm just guessing here.
> Other options are (off the top of my head):
> - - Basic/Digest HTTP authentication. Digest is pretty good (or so
> wikipedia tells me) and has a very nice property of not requiring any
> changes to the API. User identity is provided as out-of-band HTTP header.
> - - Custom authentication via special XML-RPC methods and some
> user/pass/token/whatever arguments. This is IMHO pretty ugly as it
> affects the interface. The upside is that we can build any
> authentication options we like.
No, let's not do this.
> - - No authentication at all. All XML-RPC interfaces are public and anyone
> may call them. Surprisingly this is not such a bad option. Since all
> request would be anonymous all the users would be allowed to do is
> upload data to public "directories". All other interaction would have to
> be performed via the website or the administration panel.
> What clients need to implement.
> So this is about everyone who has to interact with the API, currently
> that's just dashboard itself (we have a command-line client that can use
> each exposed method) and of course abrek. While I don't mind changing
> the API or security method to make it better we need to consider that
> each client will have to adapt as well. Worse, if one client has to
> interact with two servers it may be required to discover/negotiate
> supported authentication before we can even connect.
That's not such a big issue in my eyes. launch-control should just have
one method, at least for now.
What's missing before we can sensibly discuss this is a discussion of
how we would like the user interaction to work.
Do we want to support setting up clients without a connection to the
server? I don't see why as if you have no connection you can't submit
results, except if:
Do we want to use the authentication token to identify a user + machine
Do we want users to be able to revoke access for certain tokens (and
hence clients) without revoking them all?
Basically, we need to be able to complete this paragraph as a minimum.
A new developer joins linaro and is shipped a board that they wish to
submit test results for. To do this they "apt-get install abrek" and
More information about the Linaro-dev