[Openstack] State of OpenStack Auth

Michael Mayo mike at openstack.org
Thu Mar 3 22:46:13 UTC 2011

> On Thu, Mar 03, 2011 at 01:23:07PM -0800, Michael Mayo wrote:
>>> We're also getting something else
>>> with a token server though: service discovery (via service URL headers
>>> returned with token). This can be important for auto-configuring apps
>>> since you can simply enter a auth URL and the app will find out which
>>> services to expose and what the URLs for each service are.
>> This is true.  An endpoint list is certainly necessary, but it would be great if I only needed to call that one time instead of every time an auth token expires.
> You would probably want to refresh the service list somewhat regularly
> though, so perhaps we can time the refresh rate with the expiration
> time for the token. :)

Yeah that works fine for the mobile clients I'm building, since their purpose is to expose a nice UI for every possible OpenStack service available, but for someone who wants to use a single service (swift only, for example), there would be no use for ever needing to get a service list, except via curl one time during development to get the swift endpoint.  In that person's case, a separate auth request is wasteful compared to using HTTP Basic or request signing.

More information about the Openstack mailing list