openstack team mailing list archive

Re: OpenStack Identity: Keystone API Proposal

 

On Wed, Jul 13, 2011 at 12:30 PM, Bryan Taylor <btaylor@xxxxxxxxxxxxx> wrote:
> How is this different in effect than letting swift or nova be tenants? Each
> tenant gets to define users, roles, and groups, right?

A service can have multiple tenants. For instance, an installation of
Nova might have a RAX tenant and a RAX-INTERNAL tenant, both of which
can create users and roles separately. Keystone can manage these sets
of users independently, but when the Nova service requests information
from Keystone, supplying the tenant and user, Keystone could, depending
on the information stored in it, return different role/group
information.

-jay

