Per today's keystone meeting, I wrote a blueprint for the default domain solution, in order to provide an assumed scope for v2 API operations (which is not domain-aware), including authentication and validation, in the context of a deployment with v3 API users (which are domain-aware). https://blueprints.launchpad.net/keystone/+spec/default-domain Feedback appreciated, -Dolph -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130115/e5a4606c/attachment.html>