openstack team mailing list archive

Thread
Date

[openstack][keystone] V3 API draft

To: "openstack@xxxxxxxxxxxxxxxxxxx (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Joseph Heck <heckj@xxxxxxx>
Date: Mon, 21 May 2012 09:11:14 -0700

Good morning,

I wanted to announce that we have the first strawman/draft of a V3 API for Keystone available for comment and feedback. This is an early draft, and I expect there to be more than one. 

	https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit

The general theme of this proposal is a broad CRUD based API supporting authentication and authorization needs in OpenStack. Back-end implementations of Keystone may not support all components of the API, hence an API return may be NotImplemented. This is to support Keystone as a programmatic facade to an deployment’s existing authentication and authorization system(s).
Themes for changes: 

	• different style of pagination that I hope will be more effective for UI work
	• consolidate CRUD operations currently in contrib into CORE
	• adding a "url" resource attribute that's the fully qualified resource location for the keystone service
	• flatten the service catalog structure
	• added in a domains (collection of tenants)
	• restructure role API calls to be specific to user->tenant or user->domain
	• tokens are now very explicit to user+tenant combinations
	• new API mechanisms to get tenants associated with a user
	• generalized credentials associated with a user/tenant combo (ec2, pki, ssh keys, etc)
	• propose an extended policy-implementation-specific API 

If you're interested, please review and provide feedback through the above Google Doc, or feel free to open broader discussion questions here on the list.

-joe

Follow ups

Re: [openstack][keystone] V3 API draft
From: Everett Toews, 2012-05-29
Re: [openstack][keystone] V3 API draft
From: Luis Gervaso, 2012-05-21