python-novaclient has these proxy_token and proxy_tenant_id kwargs available when constructing the client, added way back in 2011 with no docs or tests: https://github.com/openstack/python-novaclient/commit/2c3a865f6b408d85aaeaafafd9ff9cdcee5d8cb4 Those have been copied into the various other clients that were originally written based on novaclient: http://codesearch.openstack.org/?q=proxy_tenant_id&i=nope&files=&repos= As far as I can tell this is something that predated service users, or the services having credentials for other services to act on an end-users behalf, for example, for nova to create a floating IP in neutron for an end user. Is anyone else aware of any other usage of these kwargs? If not, we're going to deprecate them in python-novaclient and we could probably also do that in cinder/manila/trove clients as well. -- Thanks, Matt Riedemann