[Openstack] State of OpenStack Auth

Monsyne Dragon mdragon at rackspace.com
Thu Mar 3 21:28:24 UTC 2011

Speaking of the auth related stuff... For the multitenant bp we need to 
add support for 'accounts', etc.  I have a branch proposed for merge 
that has that in it, plus basic admin api's for users/accounts 
(projects) in nova.   It also adds to the builtin auth so you can use an 
account:username login like swift does (in a large prod system, we'd 
probably have a separate system doing the actual auth, but this is 
useful for small/dev nova systems).

The main part is that it looks for the account in the base server 
management url, the way the current cloud servers does, so it always 
knows what account you are operating in the context of.

Anyway, that is here right now.

For future improvements, http-basic auth would be nice from a 
dev/web-standard perspective, though I wonder how that could be 
implemented using a separate authentication service. The common methods 
I've seen are for webapp standards like CAS, where you authenticate with 
the auth service and it uses a redirect and/or http cookies to store the 
login token/ticket. (the actual authn service itself can use basic auth, 
but the service needs a token/ticket)


     -Monsyne Dragon
     work:         210-312-4190
     mobile        210-441-0965
     google voice: 210-338-0336

Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.

More information about the Openstack mailing list