[Openstack] State of OpenStack Auth
mdragon at rackspace.com
Thu Mar 3 21:28:24 UTC 2011
Speaking of the auth related stuff... For the multitenant bp we need to
add support for 'accounts', etc. I have a branch proposed for merge
that has that in it, plus basic admin api's for users/accounts
(projects) in nova. It also adds to the builtin auth so you can use an
account:username login like swift does (in a large prod system, we'd
probably have a separate system doing the actual auth, but this is
useful for small/dev nova systems).
The main part is that it looks for the account in the base server
management url, the way the current cloud servers does, so it always
knows what account you are operating in the context of.
Anyway, that is here right now.
For future improvements, http-basic auth would be nice from a
dev/web-standard perspective, though I wonder how that could be
implemented using a separate authentication service. The common methods
I've seen are for webapp standards like CAS, where you authenticate with
the auth service and it uses a redirect and/or http cookies to store the
login token/ticket. (the actual authn service itself can use basic auth,
but the service needs a token/ticket)
google voice: 210-338-0336
Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.
More information about the Openstack