<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/31/2013 10:57 PM, Vishvananda
Ishaya wrote:<br>
</div>
<blockquote
cite="mid:ED48DD50-58A9-43A6-8732-F46B2B29A273@gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<base href="x-msg://12031/">
<div>
<div>On Jan 31, 2013, at 6:37 PM, "Ali, Haneef" <<a
moz-do-not-send="true" href="mailto:haneef.ali@hp.com">haneef.ali@hp.com</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div bgcolor="white" link="blue" vlink="purple"
style="font-family: Menlo; font-size: medium; font-style:
normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: 2;
text-align: -webkit-auto; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; " lang="EN-US">
<div class="WordSection1" style="page: WordSection1; ">
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span style="color:
rgb(31, 73, 125); ">Isn’t signed token an optional
feature? If so validateToken is going to be a high
frequency call. Also “Service Catalog” is a
constant, the services can cache it. It doesn’t need
to be part of validateToken.</span></div>
</div>
</div>
</blockquote>
<div><br>
</div>
Service catalog is not a constant. That said the only time it is
used is when a service needs to proxy a call to another service
using the same token. If we had a reasonable way to make
requests on behalf of other users we don't really need it as the
service could just keep its own catalog and make requests on
behalf of the requesting user.</div>
</blockquote>
<br>
I'm working on it. It is called "trusts" and there is a WIP posted
here:<br>
<br>
<a class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/20289/">https://review.openstack.org/#/c/20289/</a><br>
<br>
Blueprint is here:<br>
<br>
<a class="moz-txt-link-freetext" href="https://blueprints.launchpad.net/keystone/+spec/trusts">https://blueprints.launchpad.net/keystone/+spec/trusts</a><br>
<br>
<blockquote
cite="mid:ED48DD50-58A9-43A6-8732-F46B2B29A273@gmail.com"
type="cite">
<div><br>
</div>
<div>Vish</div>
<div><br>
<blockquote type="cite">
<div bgcolor="white" link="blue" vlink="purple"
style="font-family: Menlo; font-size: medium; font-style:
normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: 2;
text-align: -webkit-auto; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; " lang="EN-US">
<div class="WordSection1" style="page: WordSection1; ">
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span style="color:
rgb(31, 73, 125); "><o:p></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span style="color:
rgb(31, 73, 125); "> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span style="color:
rgb(31, 73, 125); ">Thanks<o:p></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span style="color:
rgb(31, 73, 125); ">Haneef<o:p></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span style="color:
rgb(31, 73, 125); "> </span></div>
<div>
<div style="border-style: solid none none;
border-top-width: 1pt; border-top-color: rgb(181, 196,
223); padding: 3pt 0in 0in; ">
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><b><span
style="font-size: 10pt; font-family: Tahoma,
sans-serif; color: windowtext; ">From:</span></b><span
style="font-size: 10pt; font-family: Tahoma,
sans-serif; color: windowtext; "><span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:openstack-bounces+haneef.ali=hp.com@lists.launchpad.net">openstack-bounces+haneef.ali=hp.com@lists.launchpad.net</a>
[<a class="moz-txt-link-freetext" href="mailto:openstack">mailto:openstack</a>-<a moz-do-not-send="true"
href="mailto:bounces+haneef.ali=hp.com@lists.launchpad.net">bounces+haneef.ali=hp.com@lists.launchpad.net</a>]<span
class="Apple-converted-space"> </span><b>On
Behalf Of<span class="Apple-converted-space"> </span></b>Adam
Young<br>
<b>Sent:</b><span class="Apple-converted-space"> </span>Thursday,
January 31, 2013 6:25 PM<br>
<b>To:</b><span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
<b>Subject:</b><span class="Apple-converted-space"> </span>Re:
[Openstack] [keystone] Why are we returing such a
big payload in validate token?<o:p></o:p></span></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><o:p> </o:p></div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">On 01/31/2013
07:44 PM, Ali, Haneef wrote:<o:p></o:p></div>
</div>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt; ">
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">Hi,<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "> <o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">As of now v3
validateToken response has “tokens, service catalog,
users, project , roles and domains. (i.e) Except
for groups we are returning everything. We also
discussed about the possibility of 100s of endpoints.
ValidateToken is supposed to be a high frequency call
. This is<o:p></o:p></div>
</blockquote>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span
style="font-size: 12pt; font-family: 'Times New
Roman', serif; "><br>
Validate token should not going be a high frequency
call. The information is encapsulated inside the
signed token for just that reason.<br>
<br>
I would agree with the sentiment, however, that we are
cramming a lot of info into the token. TOkens should
be scoped much, much more finely: by default one
service or endpoint, and one tenant.<br>
<br>
The only thing that should require the full service
catalog is the initial request of an unsigned token,
and that should merely go back to the client.<br>
<br>
<br>
<o:p></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">going to be a huge
performance impact . What is the use case for such a
big payload when compared with v2? <o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "> <o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">If a service needs
catalog , then the service can always ask for the
catalog.<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "> <o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">Thanks<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; ">Haneef<o:p></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span
style="font-size: 12pt; font-family: 'Times New
Roman', serif; "><br>
<br>
<br>
<o:p></o:p></span></div>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New'; ">_______________________________________________<o:p></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New'; ">Mailing list: <a moz-do-not-send="true" href="https://launchpad.net/%7Eopenstack" style="color: purple; text-decoration: underline; ">https://launchpad.net/~openstack</a><o:p></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New'; ">Post to : <a moz-do-not-send="true" href="mailto:openstack@lists.launchpad.net" style="color: purple; text-decoration: underline; ">openstack@lists.launchpad.net</a><o:p></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New'; ">Unsubscribe : <a moz-do-not-send="true" href="https://launchpad.net/%7Eopenstack" style="color: purple; text-decoration: underline; ">https://launchpad.net/~openstack</a><o:p></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New'; ">More help : <a moz-do-not-send="true" href="https://help.launchpad.net/ListHelp" style="color: purple; text-decoration: underline; ">https://help.launchpad.net/ListHelp</a><o:p></o:p></pre>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif; "><span
style="font-size: 12pt; font-family: 'Times New
Roman', serif; "> </span></div>
</div>
_______________________________________________<br>
Mailing list: <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a><br>
Post to : <a moz-do-not-send="true"
href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a moz-do-not-send="true"
href="https://launchpad.net/%7Eopenstack">https://launchpad.net/~openstack</a><br>
More help : <a moz-do-not-send="true"
href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a></div>
</blockquote>
</div>
<br>
</blockquote>
<br>
</body>
</html>