openstack team mailing list archive

[Monsyne Dragon <mdragon@xxxxxxxxxxxxx>]

Speaking of the auth related stuff... For the multitenant bp we need to 
add support for 'accounts', etc.  I have a branch proposed for merge 
that has that in it, plus basic admin api's for users/accounts 
(projects) in nova.   It also adds to the builtin auth so you can use an 
account:username login like swift does (in a large prod system, we'd 
probably have a separate system doing the actual auth, but this is 
useful for small/dev nova systems).

The main part is that it looks for the account in the base server 
management url, the way the current cloud servers does, so it always 
knows what account you are operating in the context of.

Anyway, that is here right now.

For future improvements, http-basic auth would be nice from a 
dev/web-standard perspective, though I wonder how that could be 
implemented using a separate authentication service. The common methods 
I've seen are for webapp standards like CAS, where you authenticate with 
the auth service and it uses a redirect and/or http cookies to store the 
login token/ticket. (the actual authn service itself can use basic auth, 
but the service needs a token/ticket)

--

--
    -Monsyne Dragon
    work:         210-312-4190
    mobile        210-441-0965
    google voice: 210-338-0336



Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse@xxxxxxxxxxxxx, and delete the original message.
Your cooperation is appreciated.