[openstack-dev] [all][keystone][product] api keys/application specific passwords

Monty Taylor mordred at inaugust.com
Tue May 16 19:40:18 UTC 2017

On 05/16/2017 10:20 AM, Doug Hellmann wrote:
> Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100:
>> On Tue, 16 May 2017, Monty Taylor wrote:
>>> FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll with
>>> that until someone has a better idea. I'm uncrazy about it for two reasons:
>>> a) the word "key" implies things to people that may or may not be true here.
>>> If we do stick with it - we need some REALLY crisp language about what it is
>>> and what it isn't.
>>> b) Rackspace Public Cloud (and back in the day HP Public Cloud) have a thing
>>> called by this name. While what's written in the spec is quite similar in
>>> usage to that construct, I'm wary of re-using the name without the semantics
>>> actually being fully the same for risk of user confusion. "This uses
>>> api-key... which one?" Sean's email uses "APPKey" instead of "APIKey" - which
>>> may be a better term. Maybe just "ApplicationAuthorization"?
>> "api key" is a fairly common and generic term for "this magical
>> thingie I can create to delegate my authority to some automation".
>> It's also sometimes called "token", perhaps that's better (that's
>> what GitHub uses, for example)? In either case the "api" bit is
>> pretty important because it is the thing used to talk to the API.
>> I really hope we can avoid creating yet more special language for
>> OpenStack. We've got an API. We want to send keys or tokens. Let's
>> just call them that.
> +1

Fair. That's an excellent argument for "api key" - because I certainly 
don't think we want to overload 'token'.
