Open Stack

Nate:

Barbican will be integrated with keystone, and on authentication, an auth context will be inserted with
User-id, tenant-id, role etc.  Thus the same tenant-id in the rest of openstack will flow in and be accessible.

Working on the keystone integration piece (code as is now is to help standalone development of Barbican).

Regards
Malini

-----Original Message-----
From: Nate Reller [mailto:rellerreller at yahoo.com] 
Sent: Friday, May 03, 2013 10:03 AM
To: Jarret Raim; OpenStack Development Mailing List
Subject: Re: [openstack-dev] [barbican] CloudKeep API

> >How are the tenant IDs populated in the database?
> 
> Our current plan is to silently create the tenant_id once the user's 
> first call has validated against keystone. E.g. If you have our 
> endpoint in keystone, we'll create the tenant. The tenant_id is going 
> to just be a varchar with the data from keystone since, IIRC, the 
> OpenStack provider can use any values for tenant_ids so we can't rely 
> on any particular format.

I was wondering how you were going to do that. The tenant ID is going to initially be used to validate who can use a key? For volume encryption I will need to make sure I can use the same tenant ID for both. Ideally I would use the user's tenant ID, but this could be a problem if I cannot get access to it for both the creation and retrieval of the key. 

Thanks for clearing up the content-types questions. That makes sense to me. Do you know if it will be a list or a map? 

-Nate

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev