[Openstack] OpenStack Identity: Keystone API Proposal
Jay Pipes
jaypipes at gmail.com
Wed Jul 13 17:14:57 UTC 2011
On Wed, Jul 13, 2011 at 12:30 PM, Bryan Taylor <btaylor at rackspace.com> wrote:
> How is this different in effect than letting swift or nova be tenants? Each
> tenant gets to define users, roles, and groups, right?
A service can have multiple tenants. For instance, an installation of
Nova might have a RAX tenant and a RAX-INTERNAL tenant, both of which
can create users and roles separately. Keystone can manage these sets
of users independently, but when the Nova service requests information
from Keystone, supplying the tenant and user, which depending on the
information stored in Keystone, could return different role/group
infomation.
-jay
More information about the Openstack
mailing list