← Back to team overview

openstack team mailing list archive

Re: State of OpenStack Auth

 

On Thu, Mar 03, 2011 at 02:46:13PM -0800, Michael Mayo wrote:
> >> This is true.  An endpoint list is certainly necessary, but it would be great if I only needed to call that one time instead of every time an auth token expires.
> > 
> > You would probably want to refresh the service list somewhat regularly
> > though, so perhaps we can time the refresh rate with the expiration
> > time for the token. :)
> 
> Yeah that works fine for the mobile clients I'm building, since their purpose is to expose a nice UI for every possible OpenStack service available, but for someone who wants to use a single service (swift only, for example), there would be no use for ever needing to get a service list, except via curl one time during development to get the swift endpoint.  In that person's case, a separate auth request is wasteful compared to using HTTP Basic or request signing.

Sure, then their deployment can use basic auth instead. A default
is tough though, since everyone will have different needs. I would
probably vote for token if we think folks will be multi-service by
default. I'm fine with whatever other folks think is a more appropriate
default though, it's really just a guessing game. :)

-Eric



References