[openstack-dev] [Keystone] V3 Extensions Discoverability

David Chadwick d.w.chadwick at kent.ac.uk
Tue Aug 6 17:21:41 UTC 2013

On 06/08/2013 18:11, Jay Pipes wrote:
> What SMTP, DNS and LDAP extensions are in use by systems that need to
> interoperate in the same way that Keystone does? <-- This is a genuine
> question, not sarcasm. I'm truly curious.

Take SMTP for example. My Thunderbird client needs to know what 
authentication extensions are implemented by the POP3 server and SMTP 
server that it is talking to, in order to send and receive email in a 
secure manner.

In the same way, once Keystone supports say federated login as an 
extension, a client will need to know if this extension is supported or 
not. If not, it wont be able to offer it to the end user. (It is not a 
sensible design for a client to send an extension protocol message to a 
server and get a 400 Bad Request response. This tells the client 
nothing. 501 Not Implemented might be a more informative response, but 
in this case the server has to know that an extension was requested and 
we have to document that this is the standard response to an 
unimplemented extension).



> Best,
> -jay

More information about the OpenStack-dev mailing list