Relevant blueprint: https://blueprints.launchpad.net/keystone/+spec/domain-name-spaces Corresponding spec change: https://review.openstack.org/#/c/18805/ These changes have not been implemented yet. Essentially it's an opt-in change of behavior per domain. Auth for users and projects within those domains must either be identified by globally-unique ID, or a combinations of owning domain and user/project name. Users and projects are namespaced by their owning domain, so the configuration of two different domains wouldn't apply to a single user or project. -Dolph On Sat, Jan 26, 2013 at 4:04 AM, David Chadwick <d.w.chadwick at kent.ac.uk>wrote: > The keystone v3 API contains the following statement in the Users section > > Either globally or domain unique username, depending on owning domain. > > Can someone explain what this means please. > > More specifically, this states that a username is either globally unique > across all domains, or is locally defined in a domain. > > First question. How can anyone tell the difference between a globally > unique username and a domain specific username? > > Second, who or what is the owning domain for a globally unique username? > > Finally why should the owning domain determine whether the username is > globally unique or not? What if owning domain 1 determines that username1 > is globally unique and owning domain 2 determines that username1 is locally > unique to itself? > > thanks > > David > > > ______________________________**_________________ > OpenStack-dev mailing list > OpenStack-dev at lists.openstack.**org <OpenStack-dev at lists.openstack.org> > http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev> > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130126/7132b0f3/attachment.html>