Randy,<br><br>You may well be right, but this should be a concern for implementors rather than users - if I remember well there are virtualisation systems (UML?) that rely on PPP style links and therefore lack MAC addresses. The key point is that as a user I want to know that any attributes I set via the client interface can only be seen by the machine as details like database credentials are likely to be sensitive. For this there should be no need to discover any credentials, rather just connect and ask away.<br>
<br>I&#39;ve done some work around having machines generate a public key pair during birth and then encrypting config info to them, but this is something that can be strapped on later in high security environments if it&#39;s deemed necessary - and in any case the machine being able to write its key pair into OCCI would be advantageous (and transparent with what is proposed).<br>
<br>Sam<br><br><div class="gmail_quote">On Tue, Apr 21, 2009 at 7:55 AM, Randy Bias <span dir="ltr">&lt;<a href="mailto:randyb@gogrid.com">randyb@gogrid.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">




<div>
<font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size: 11pt;">Will have to be MAC.  URL example is fine.  Passing MAC up from networking stack will be painful requiring a custom low-level listener.  Implementation will be susceptible to hacking if providers do not enforce MAC addresses at switch/vswitch ports.<br>

<br>
Alternative is to say that ‘machine-id’ is always deposited in / or C:\ and has UUID.<br><font color="#888888">
<br>
<br>
--Randy</font><div class="im"><br>
<br>
<br>
On 4/20/09 4:01 AM, &quot;Sam Johnston&quot; &lt;<a href="http://samj@samj.net" target="_blank">samj@samj.net</a>&gt; wrote:<br>
<br>
</div></span></font><div class="im"><blockquote><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size: 11pt;">My proposed solution for this is that the cloud provider simply allow the workload to transparently authenticate to OCCI via its IP/MAC address and/or [virtual] interface. We could use a well known alias like &quot;self&quot; so as the machine can just pull down <font color="#0000ff"><u><a href="http://example.com/self" target="_blank">http://example.com/self</a></u></font> (without needing to know its own UUID) and extract from that any state/configuration/introspection/other information it needs.<br>

</span></font></blockquote></div><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size: 11pt;"><br><div class="im">
<br>
-- <br>
Randy Bias, VP Technology Strategy, GoGrid<br>
<a href="http://randyb@gogrid.com" target="_blank">randyb@gogrid.com</a>, (415) 939-8507 [mobile]<br>
BLOG: <a href="http://neotactics.com/blog" target="_blank">http://neotactics.com/blog</a>, TWITTER: <a href="http://twitter.com/randybias" target="_blank">twitter.com/randybias</a><br>
</div></span></font>
</div>


</blockquote></div><br>