Open Stack

Ziad, thanks the quick edits.

One more quick question, mostly because I haven't followed the full keystone
discussions. How does this API relate (if at all) to:
http://wiki.openstack.org/FederatedAuthZwithZones

Specifically, around resource groups and federated authentication.

tia,
a.

On Sat, Jun 11, 2011 at 11:40 AM, Ziad Sawalha
<ziad.sawalha at rackspace.com>wrote:

>  I've updated the dev guide with your suggestions:
> - Section 4.4 explains the GET /tenants call needs to be authenticated and
> the examples now show passing in the authentication header.
> - Section 5.2.1 is new and talks about authenticating for the Admin API and
> puts in a reference for bootstrapping the system (creating a first
> administrator). Here, I've left it as a reference to the admin guide which
> is yet to be developed (jaypipes volunteered to help us create that in RST),
> but I also refer to the readme which today has instructions for setting up
> your Keystone instance.
>
>  Let me know if that gets you going, Andi.
>
>  Regards,
> Ziad
>
>
>   From: Ziad Sawalha <ziad.sawalha at rackspace.com>
> Date: Sat, 11 Jun 2011 14:44:12 +0000
> To: Andiabes <andi.abes at gmail.com>
>
> Cc: "openstack at lists.launchpad.net" <openstack at lists.launchpad.net>
> Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal
>
>   Your guess is correct. The only calls you should be able to make without
> having a token are the calls to discover the service (getting version info,
> WADL contract, dev guide, help, etc…) and to get a token. After that, all
> other calls require passing in a token.
>
>  On the Admin APIs, the token passed in must have the necessary
> administrative privileges.
>
>  To bootstrap Keystone with a blank identity store, you can execute
> bin/keystone-manage to create your initial administrative identity(ies).
>
>  If you use the sample data creation script provided, it will create an
> admin user (and create a token for that user) which you can use.
>
>  We'll clarify that in the dev guide.
>
>  Thanks Andi
>
>  Ziad
>
>   From: Andiabes <andi.abes at gmail.com>
> Date: Fri, 10 Jun 2011 21:08:18 -0400
> To: Ziad Sawalha <ziad.sawalha at rackspace.com>
> Cc: "openstack at lists.launchpad.net" <openstack at lists.launchpad.net>
> Subject: Re: [Openstack] OpenStack Identity: Keystone API Proposal
>
>   It might be useful to include in the API guide some information about
> authentication to keystone itself. I.e when requesting a list of
> users,tenants etc the requestor should somehow authenticate itself
> I'm guessing that the flow involve acquiring a token that authenticates the
> user to keystone as a user who has privileges to manage the relevant
> entities.?
>
>  Sent from my iPad
>
> On Jun 10, 2011, at 7:24 PM, Ziad Sawalha <ziad.sawalha at rackspace.com>
> wrote:
>
>   Time flies! It's June 10th already. In my last email to this community I
> had proposed today as the day to lock down the Keystone API so we can
> finalize implementation by Diablo-D2 (June 30th).
>
>  We've been working on this feverishly over the past couple of weeks and
> have just pushed out a proposed API here:<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>
> https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf
>
>  For any and all interested, the original source and code is on Github (<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>
> https://github.com/rackspace/keystone), along with the current
> implementation of Keystone, examples, sample data, tests, instructions, and
> all the goodies we could muster to put together. The project also lives on
> Launchpad at <http://launchpad.net/keystone>http://launchpad.net/keystone.
>
>  The API we just put out there is still a proposal. We're going to be
> focusing on the implementation, but would still love to get community input,
> feedback, and participation.
>
>  Have a great weekend and regards to all,
>
>  Ziad
>
>
>
>
>  Confidentiality Notice: This e-mail message (including any attached or
> embedded documents) is intended for the exclusive and confidential use of the
> individual or entity to which this message is addressed, and unless otherwise
> expressly indicated, is confidential and privileged information of Rackspace.
> Any dissemination, distribution or copying of the enclosed material is prohibited.
> If you receive this transmission in error, please notify us immediately by e-mail
> at abuse at rackspace.com, and delete the original message.
> Your cooperation is appreciated.
>
>   _______________________________________________
> Mailing list: <https://launchpad.net/~openstack>
> https://launchpad.net/~openstack
> Post to     : <openstack at lists.launchpad.net>openstack at lists.launchpad.net
> Unsubscribe : <https://launchpad.net/~openstack>
> https://launchpad.net/~openstack
> More help   : <https://help.launchpad.net/ListHelp>
> https://help.launchpad.net/ListHelp
>
>    Confidentiality Notice: This e-mail message (including any attached or
> embedded documents) is intended for the exclusive and confidential use of the
> individual or entity to which this message is addressed, and unless otherwise
> expressly indicated, is confidential and privileged information of Rackspace.
> Any dissemination, distribution or copying of the enclosed material is prohibited.
> If you receive this transmission in error, please notify us immediately by e-mail
> at abuse at rackspace.com, and delete the original message.
> Your cooperation is appreciated.
>
>  _______________________________________________ Mailing list:
> https://launchpad.net/~openstack Post to : openstack at lists.launchpad.netUnsubscribe :
> https://launchpad.net/~openstack More help :
> https://help.launchpad.net/ListHelp
>
> Confidentiality Notice: This e-mail message (including any attached or
> embedded documents) is intended for the exclusive and confidential use of the
> individual or entity to which this message is addressed, and unless otherwise
> expressly indicated, is confidential and privileged information of Rackspace.
> Any dissemination, distribution or copying of the enclosed material is prohibited.
> If you receive this transmission in error, please notify us immediately by e-mail
> at abuse at rackspace.com, and delete the original message.
> Your cooperation is appreciated.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20110612/a3fd4a56/attachment.html>