xen-devel

[Top] [All Lists]

[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend

from [Matthew Palmer]

[Permanent Link][Original]

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend
From:	Matthew Palmer <mpalmer@xxxxxxxxxxx>
Date:	Fri, 9 Jun 2006 12:45:30 +1000
Delivery-date:	Thu, 08 Jun 2006 19:50:11 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<4488D93D.7070303@xxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<4488D93D.7070303@xxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.9i

On Thu, Jun 08, 2006 at 09:13:17PM -0500, Anthony Liguori wrote:
> The following patch implements a secure XML-RPC protocol for Xend.  
> Instead of using HTTPS with basic authentication and dealing with all 
> that nasty OpenSSL/PAM integration, it just uses SSH.  This gives you 
> all the properties you want (great security and PAM integration) with 
> very little code.

Are there any plans to make the XML-RPC interface easily accessable for
things other than xm?  Although HTTPS (I'd use client certs rather than
basic auth, but that's even worse from a PAM integration PoV) is more
overhead, it's at least platform-independent.  I've been doing a bit of
poking into using XML-RPC to control Xend from Ruby, and it's a hassle. 
Adding an SSH tunnel layer over the top is going to be even more of a
nightmare.

My workaround at the moment is to create a higher-level interface to control
Xend -- it's SOAP over HTTPS (with client certs to perform authentication
and, eventually, authorization).  I'm using SOAP simply because it's got
WSDL.  The interface is a lot simpler (very, very few S-expressions to deal
with), so it'll probably still exist even if Xend gets a more advanced
XML-RPC layer, but it'd save me some fiddling if I could poke Xend's XML-RPC
securely without needing to grub around for a Unix socket.

- Matt

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Matthew Palmer <= Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anil Madhavapeddy Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Daniel Veillard Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anil Madhavapeddy [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori Re: [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Daniel Veillard [Xen-devel] Re: Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori [Xen-devel] Re: [RFC][PATCH] Secure XML-RPC for Xend, Ewan Mellor

Previous by Date:	Re: [Xen-devel] ata_piix SATA driver - Invalid opcode?!, Adam Nielsen
Next by Date:	[Xen-devel] 64bit xen0 cannot boot on ChangeSet 10302, Zheng, Jeff
Previous by Thread:	[Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anthony Liguori
Next by Thread:	Re: [Xen-devel] [RFC][PATCH] Secure XML-RPC for Xend, Anil Madhavapeddy
Indexes:	[Date] [Thread] [Top] [All Lists]