[openstack-dev] [Keystone] V3 Extensions Discoverability
Jay Pipes
jaypipes at gmail.com
Tue Aug 6 17:34:30 UTC 2013
On 08/06/2013 01:21 PM, David Chadwick wrote:
>
>
> On 06/08/2013 18:11, Jay Pipes wrote:
>> What SMTP, DNS and LDAP extensions are in use by systems that need to
>> interoperate in the same way that Keystone does? <-- This is a genuine
>> question, not sarcasm. I'm truly curious.
>
> Take SMTP for example. My Thunderbird client needs to know what
> authentication extensions are implemented by the POP3 server and SMTP
> server that it is talking to, in order to send and receive email in a
> secure manner.
>
> In the same way, once Keystone supports say federated login as an
> extension, a client will need to know if this extension is supported or
> not. If not, it wont be able to offer it to the end user. (It is not a
> sensible design for a client to send an extension protocol message to a
> server and get a 400 Bad Request response. This tells the client
> nothing. 501 Not Implemented might be a more informative response, but
> in this case the server has to know that an extension was requested and
> we have to document that this is the standard response to an
> unimplemented extension).
Ah, OK, so I think we're actually closer to one another than first
glance. So, I *entirely* agree that if API extensions are
available/supported by an API, then there should be an easy way to
discover those extensions -- /endpoints is perfectly fine.
I also agree that a *protocol* should have the flexibility, within its
bytestream construct, to extend its scope over time, *without needing to
change the underlying protocol*. So, for example, a protocol that leaves
itself some way of "growing" over time is, by nature, A Good Thing (tm).
However, I do *not* believe that resource additions to a REST-ful API
necessitate a new API "extension" that must be treated like something
that is fundamentally different from the existing resources published in
the API.
Por ejemplo,
I do not believe the adding a /regions resource should require me to add
an API "extension" just to add the resource to the API. I believe we
should be able to propose the adding of the /regions resource, debate
it, and then add it to a v3.x Keystone API.
There isn't anything about a region resource that is fundamentally
different from some other resource managed by Keystone -- like domains
or endpoints -- and therefore I don't believe that adding a /regions
resource endpoint should require anything more than a bump in the
version of the API.
Hope this makes more sense,
-jay
p.s. Despite my opinion that /regions resource addition should not be an
extension, I'm still submitting a proposed API extension for it ;)
More information about the OpenStack-dev
mailing list