← Back to team overview

openstack team mailing list archive

Re: Service Registration in Keystone (roles, endpoints)

 

Ziad,

  thanks for the summary. I'm sorry, but I can't find details about a couple
topics (I might be looking at the wrong place - I looked at the links you
provided and the dev guide). To make sure we end up with a consistent view,
it might be useful to elucidate on:

a) the semantics of rolRefs, and how exactly they affect authn/authz
requests
b) the semantics of endpointTemplates - in the etherpad, it seems that
they're per-tenant (?). Can tenants share an endpoint? Can there be some
sort of token substitution in the template?
c) We've had some discussion on the list about federation scenarios - where
different tenants can have a different backend authentication system. While
this does not need to be in the public API (since it could be provider
specific), it would be nice to include the expected semantics as to how this
affects authn/authz requests

thx,
a.


On Fri, Jul 29, 2011 at 3:40 AM, Yuriy Taraday <yorik.sar@xxxxxxxxx> wrote:

> Did you consider to implement changes to eliminate rolerefs that I proposed
> a week ago?
> I think, major version change is good reason to clear some old drawbacks.
>
> Kind regards, Yuriy.
>
>
>
> On Fri, Jul 29, 2011 at 00:44, Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>wrote:
>
>>  Hi -
>>
>>  We're working on the blueprint to allow services to register themselves
>> and manage their own roles and endpoints in Keystone. We have some sample
>> use cases listed on the ether pad for the blueprint.
>>
>>  Etherpad: http://etherpad.openstack.org/service-registry
>> Blueprint:
>> https://blueprints.launchpad.net/keystone/+spec/keystone-service-registration
>>
>>  Please take a look and add your input (also by email please if you edit
>> Etherpad since we won't get notified).
>>
>>  Thanks,
>> Ziad
>>
>>  *Keystone v2.0 API final in 17 days*
>> This email may include confidential information. If you received it in
>> error, please delete it.
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>

References