[openstack-dev] [all][keystone][product] api keys/application specific passwords

Sean Dague sean at dague.net
Tue May 16 19:44:15 UTC 2017

On 05/16/2017 03:40 PM, Monty Taylor wrote:
> On 05/16/2017 10:20 AM, Doug Hellmann wrote:
>> Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100:
>>> On Tue, 16 May 2017, Monty Taylor wrote:
>>>> FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll with
>>>> that until someone has a better idea. I'm uncrazy about it for two reasons:
>>>> a) the word "key" implies things to people that may or may not be true here.
>>>> If we do stick with it - we need some REALLY crisp language about what it is
>>>> and what it isn't.
>>>> b) Rackspace Public Cloud (and back in the day HP Public Cloud) have a thing
>>>> called by this name. While what's written in the spec is quite similar in
>>>> usage to that construct, I'm wary of re-using the name without the semantics
>>>> actually being fully the same for risk of user confusion. "This uses
>>>> api-key... which one?" Sean's email uses "APPKey" instead of "APIKey" - which
>>>> may be a better term. Maybe just "ApplicationAuthorization"?
>>> "api key" is a fairly common and generic term for "this magical
>>> thingie I can create to delegate my authority to some automation".
>>> It's also sometimes called "token", perhaps that's better (that's
>>> what GitHub uses, for example)? In either case the "api" bit is
>>> pretty important because it is the thing used to talk to the API.
>>> I really hope we can avoid creating yet more special language for
>>> OpenStack. We've got an API. We want to send keys or tokens. Let's
>>> just call them that.
>> +1
> Fair. That's an excellent argument for "api key" - because I certainly
> don't think we want to overload 'token'.

As someone who accidentally named "API Microversions", I fully cede
naming territory to others here.


Sean Dague
