<html><head></head><body bgcolor="#FFFFFF"><div>Exactly<br><br>從我的 iPhone 傳送</div><div><br>Brian Ipsen <<a href="mailto:brian.ipsen@ryesgade47c.dk">brian.ipsen@ryesgade47c.dk</a>> 於 2013/1/21 下午4:55 寫道:<br><br></div><div></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle">P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">
<p>Hi,</p>
<p> </p>
<p>Just to clear things up:<br>
</p>
<div style="FONT-FAMILY: Times New Roman; COLOR: #000000; FONT-SIZE: 16px">
<div>
<div dir="ltr">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div lang="DA">
<div>
<p class="MsoNormal"><span style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt" lang="EN-US">I am still trying to figure out how the different components interact, and exactly what the different parameters on the keystone command does.
Once I get that understanding, things will probably be much easier </span><span style="FONT-FAMILY: Wingdings; COLOR: #1f497d; FONT-SIZE: 11pt" lang="EN-US">J</span></p>
</div>
</div>
</blockquote>
<div><font color="#ff0000">[Reply] </font></div>
<div><font color="#ff0000">Yes , that's the keypoint. You must understand the workflow. </font></div>
<div><font color="#ff0000">My assumption is your proxy pipline is using tokenauth and keystone even swift-auth .</font></div>
<div><font color="#ff0000">The full request workflow is :</font></div>
</div>
</div>
</div>
<blockquote style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0px; MARGIN: 0px 0px 0px 40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: medium none; BORDER-RIGHT: medium none; PADDING-TOP: 0px">
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div><font color="#ff0000">client send username/password --> keystone verify it --> return token and service(swift) url to client --> client use returned url and token to swift-proxy --> proxy verify the token by asking keystone immediately ---> keystone confirmed
it with several information includes role etc. --> the request pass the token-auth filter --> check the role with swift-auth middleware --> do the operation for user --> returned the result(status) </font></div>
</div>
</div>
</div>
</blockquote>
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<div>So the client contacts the keystone server first(directly) - on the URL it is listening on (NAT'ed from public network)? Keystone returns tokenand service URL - and then the client connects to the proxy using the token ?</div>
<div> </div>
<div>Regards</div>
<div>Brian</div>
<div> </div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div></blockquote></body></html>