[openstack-dev] [all][keystone][product] api keys/application specific passwords

Colleen Murphy colleen at gazlene.net
Sat Jun 3 19:38:05 UTC 2017


On Wed, May 17, 2017 at 12:21 AM, Monty Taylor <mordred at inaugust.com> wrote:

> On 05/16/2017 02:44 PM, Sean Dague wrote:
>
>> On 05/16/2017 03:40 PM, Monty Taylor wrote:
>>
>>> On 05/16/2017 10:20 AM, Doug Hellmann wrote:
>>>
>>>> Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100:
>>>>
>>>>> On Tue, 16 May 2017, Monty Taylor wrote:
>>>>>
>>>>> FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll
>>>>>> with
>>>>>> that until someone has a better idea. I'm uncrazy about it for two
>>>>>> reasons:
>>>>>>
>>>>>> a) the word "key" implies things to people that may or may not be
>>>>>> true here.
>>>>>> If we do stick with it - we need some REALLY crisp language about
>>>>>> what it is
>>>>>> and what it isn't.
>>>>>>
>>>>>> b) Rackspace Public Cloud (and back in the day HP Public Cloud) have
>>>>>> a thing
>>>>>> called by this name. While what's written in the spec is quite
>>>>>> similar in
>>>>>> usage to that construct, I'm wary of re-using the name without the
>>>>>> semantics
>>>>>> actually being fully the same for risk of user confusion. "This uses
>>>>>> api-key... which one?" Sean's email uses "APPKey" instead of
>>>>>> "APIKey" - which
>>>>>> may be a better term. Maybe just "ApplicationAuthorization"?
>>>>>>
>>>>>
>>>>> "api key" is a fairly common and generic term for "this magical
>>>>> thingie I can create to delegate my authority to some automation".
>>>>> It's also sometimes called "token", perhaps that's better (that's
>>>>> what GitHub uses, for example)? In either case the "api" bit is
>>>>> pretty important because it is the thing used to talk to the API.
>>>>>
>>>>> I really hope we can avoid creating yet more special language for
>>>>> OpenStack. We've got an API. We want to send keys or tokens. Let's
>>>>> just call them that.
>>>>>
>>>>>
>>>> +1
>>>>
>>>
>>> Fair. That's an excellent argument for "api key" - because I certainly
>>> don't think we want to overload 'token'.
>>>
>>
>> As someone who accidentally named "API Microversions", I fully cede
>> naming territory to others here.
>>
>
> I named "jeepyb" on _purpose_.
>
> For those playing at home, that's a phoneticization of "GPB" which is an
> otherwise never-used acronym for "Gerrit Project Builder".
>
> /me hides
>
> It seems like there is general agreement on the review that "api key" is a
bad name. Thoughts on renaming it "application key" / "app key" (what Ron
proposed in an earlier version of this spec)?

Colleen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170603/a2304ab4/attachment.html>


More information about the OpenStack-dev mailing list