[openstack-dev] [all][keystone][product] api keys/application specific passwords

Chris Dent cdent+os at anticdent.org
Tue May 16 14:16:08 UTC 2017

On Tue, 16 May 2017, Monty Taylor wrote:

> FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll with 
> that until someone has a better idea. I'm un-crazy about it for two reasons:
> a) the word "key" implies things to people that may or may not be true here. 
> If we do stick with it - we need some REALLY crisp language about what it is 
> and what it isn't.
> b) Rackspace Public Cloud (and back in the day HP Public Cloud) have a thing 
> called by this name. While what's written in the spec is quite similar in 
> usage to that construct, I'm wary of re-using the name without the semantics 
> actually being fully the same for risk of user confusion. "This uses 
> api-key... which one?" Sean's email uses "APPKey" instead of "APIKey" - which 
> may be a better term. Maybe just "ApplicationAuthorization"?

"api key" is a fairly common and generic term for "this magical
thingie I can create to delegate my authority to some automation".
It's also sometimes called "token"; perhaps that's better (that's
what GitHub uses, for example)? In either case the "api" bit is
pretty important because it is the thing used to talk to the API.

I really hope we can avoid creating yet more special language for
OpenStack. We've got an API. We want to send keys or tokens. Let's
just call them that.

