openstack team mailing list archive
Message #02862
Re: OpenStack Identity: Keystone API Proposal
Ziad, thanks for the quick edits.
One more quick question, mostly because I haven't followed the full keystone
discussions. How does this API relate (if at all) to:
http://wiki.openstack.org/FederatedAuthZwithZones
Specifically, around resource groups and federated authentication.
tia,
a.
On Sat, Jun 11, 2011 at 11:40 AM, Ziad Sawalha
<ziad.sawalha@xxxxxxxxxxxxx> wrote:
> I've updated the dev guide with your suggestions:
> - Section 4.4 explains the GET /tenants call needs to be authenticated and
> the examples now show passing in the authentication header.
> - Section 5.2.1 is new and talks about authenticating for the Admin API and
> puts in a reference for bootstrapping the system (creating a first
> administrator). Here, I've left it as a reference to the admin guide which
> is yet to be developed (jaypipes volunteered to help us create that in RST),
> but I also refer to the readme which today has instructions for setting up
> your Keystone instance.
>
> Let me know if that gets you going, Andi.
>
> Regards,
> Ziad
>
>
> From: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>
> Date: Sat, 11 Jun 2011 14:44:12 +0000
> To: Andiabes <andi.abes@xxxxxxxxx>
>
> Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal
>
> Your guess is correct. The only calls you should be able to make without
> having a token are the calls to discover the service (getting version info,
> WADL contract, dev guide, help, etc…) and to get a token. After that, all
> other calls require passing in a token.
>
> On the Admin APIs, the token passed in must have the necessary
> administrative privileges.
>
> To bootstrap Keystone with a blank identity store, you can execute
> bin/keystone-manage to create your initial administrative identity(ies).
>
> If you use the sample data creation script provided, it will create an
> admin user (and create a token for that user) which you can use.
>
> We'll clarify that in the dev guide.
>
> Thanks Andi
>
> Ziad
>
> From: Andiabes <andi.abes@xxxxxxxxx>
> Date: Fri, 10 Jun 2011 21:08:18 -0400
> To: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>
> Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal
>
> It might be useful to include in the API guide some information about
> authentication to keystone itself, i.e. when requesting a list of
> users, tenants, etc., the requestor should somehow authenticate itself.
> I'm guessing that the flow involves acquiring a token that authenticates the
> user to keystone as a user who has privileges to manage the relevant
> entities?
>
> Sent from my iPad
>
> On Jun 10, 2011, at 7:24 PM, Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>
> wrote:
>
> Time flies! It's June 10th already. In my last email to this community I
> had proposed today as the day to lock down the Keystone API so we can
> finalize implementation by Diablo-D2 (June 30th).
>
> We've been working on this feverishly over the past couple of weeks and
> have just pushed out a proposed API here:
> https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf
>
> For any and all interested, the original source and code is on Github
> (https://github.com/rackspace/keystone), along with the current
> implementation of Keystone, examples, sample data, tests, instructions, and
> all the goodies we could muster to put together. The project also lives on
> Launchpad at http://launchpad.net/keystone.
>
> The API we just put out there is still a proposal. We're going to be
> focusing on the implementation, but would still love to get community input,
> feedback, and participation.
>
> Have a great weekend and regards to all,
>
> Ziad
>
>
>
>
> Confidentiality Notice: This e-mail message (including any attached or
> embedded documents) is intended for the exclusive and confidential use of the
> individual or entity to which this message is addressed, and unless otherwise
> expressly indicated, is confidential and privileged information of Rackspace.
> Any dissemination, distribution or copying of the enclosed material is prohibited.
> If you receive this transmission in error, please notify us immediately by e-mail
> at abuse@xxxxxxxxxxxxx, and delete the original message.
> Your cooperation is appreciated.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
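
The access rule described in the quoted reply above (only service discovery and token issuance are open, every other call needs a token, and Admin API calls need a token with administrative privileges), expressed as a default-deny request gate. This is an added example, not code from the thread or from Keystone; the route paths, the `admin` role name, the token values and the in-memory token table are assumptions.

```python
# Added example: default-deny gate for the rule quoted above.
# Route paths, role name and token table are assumptions, not Keystone code.

# Hypothetical routes callable without a token: discovery and token issuance.
PUBLIC_ROUTES = {("GET", "/"), ("GET", "/version"), ("POST", "/tokens")}
ADMIN_ROLE = "admin"  # assumed role name

NOW = 1_000_000  # fixed clock so the sample is deterministic

# Constructed sample data: token -> (user, roles, expiry as epoch seconds)
TOKENS = {
    "tok-admin": ("alice", {"admin"}, NOW + 3600),
    "tok-user": ("bob", set(), NOW + 3600),
    "tok-old": ("carol", {"admin"}, NOW - 1),
}


def decide(method, path, token, admin_api=False, tokens=TOKENS, now=NOW):
    """Return the HTTP status the gate would answer with.

    200 = allowed, 401 = missing/unknown/expired token, 403 = valid token
    without the administrative role on an Admin API call.
    """
    # Allowlist, not denylist: any route not named here needs a token.
    if (method.upper(), path) in PUBLIC_ROUTES:
        return 200
    record = tokens.get(token) if token else None
    if record is None:
        return 401
    _user, roles, expires = record
    if expires <= now:
        return 401  # an expired admin token is still no token
    if admin_api and ADMIN_ROLE not in roles:
        return 403
    return 200


def demo():
    """Run constructed requests through the gate; returns their statuses."""
    requests = [
        ("GET", "/version", None, False),
        ("POST", "/tokens", None, False),
        ("GET", "/tenants", None, False),
        ("GET", "/tenants", "tok-user", False),
        ("POST", "/tenants", "tok-user", True),
        ("POST", "/tenants", "tok-admin", True),
        ("POST", "/tenants", "tok-old", True),
    ]
    return [decide(m, p, t, a) for m, p, t, a in requests]
```

Checking the public allowlist first and treating everything else as token-protected means a newly added route is closed by default until someone deliberately opens it.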