[openstack-dev] [Keystone] Token Preauthentication
Adam Young
ayoung at redhat.com
Wed Oct 10 02:16:34 UTC 2012

One issue that I've been asked about repeatedly is getting a token for
an action in the future. Two use cases for this have come up:

1. HEAT and failover. It needs to move a virtual machine from one host
to another.
2. Content production. Something generates a large file and needs to
store it in swift.

In both cases, the user authorizes it at setup time to perform this
action any time in the future, long after the token is expired.

To support this, add two new APIs. One is POST preauthenticate, and the
other is GET preauthenticate/{user_id}

When POSTing to preauthenticate, the user supplies a user that will be
allowed to fetch a token at some point in the future.

When GETting tokens/preauthenticated/{user_id} only the specified user
will be able to fetch a token for the user that performed the
preauthenticate action.

We could potentially add an additional PATCH to modify a pre-auth
arrangement. We would certainly want a DELETE.

The preauthentication id should be just a UUID. It should be useless
to anyone but the user that creates it. No other user should be able to
view it. The user should be able to enumerate her preauthentications,
in order to view, modify, and delete them. /users/preauthentications

Comments?
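
The access rules proposed in the message above, modelled in memory as an added example that is not part of the original post and is not Keystone code. The names PreauthStore, PreauthDenied, TOKEN_TTL and the token fields are hypothetical, and the token lifetime is an assumed value.

```python
import secrets
import time
import uuid

TOKEN_TTL = 3600  # assumed token lifetime in seconds; the post gives no value


class PreauthDenied(Exception):
    """Caller is not allowed to see or use the preauthentication."""


class PreauthStore:
    """In-memory model of the proposed preauthentication semantics."""

    def __init__(self):
        self._by_id = {}  # preauth id -> (creator user id, delegate user id)

    def create(self, creator, delegate):
        """POST preauthenticate: creator lets delegate fetch tokens later."""
        preauth_id = str(uuid.uuid4())  # random id, carries no authority itself
        self._by_id[preauth_id] = (creator, delegate)
        return preauth_id

    def fetch_token(self, caller, creator, now=None):
        """GET .../{user_id}: only the named delegate gets a creator token."""
        if (creator, caller) not in self._by_id.values():
            raise PreauthDenied("no preauthentication from %s for %s"
                                % (creator, caller))
        now = time.time() if now is None else now
        # The token is minted at fetch time, so it is fresh even when the
        # preauthentication was set up long ago.
        return {"id": secrets.token_hex(16), "user_id": creator,
                "issued_to": caller, "expires_at": now + TOKEN_TTL}

    def list_for(self, caller):
        """Enumerate: a user sees only the preauthentications she created."""
        return sorted(p for p, (c, _) in self._by_id.items() if c == caller)

    def delete(self, caller, preauth_id):
        """DELETE: only the creator may revoke; others learn nothing."""
        entry = self._by_id.get(preauth_id)
        if entry is None or entry[0] != caller:
            raise PreauthDenied("unknown preauthentication")
        del self._by_id[preauth_id]
```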