[Openstack] State of OpenStack Auth
Eric Day
eday at oddments.org
Thu Mar 3 22:55:13 UTC 2011
On Thu, Mar 03, 2011 at 02:46:13PM -0800, Michael Mayo wrote:
> >> This is true. An endpoint list is certainly necessary, but it would be great if I only needed to call that one time instead of every time an auth token expires.
> >
> > You would probably want to refresh the service list somewhat regularly
> > though, so perhaps we can time the refresh rate with the expiration
> > time for the token. :)
>
> Yeah that works fine for the mobile clients I'm building, since their purpose is to expose a nice UI for every possible OpenStack service available, but for someone who wants to use a single service (swift only, for example), there would be no use for ever needing to get a service list, except via curl one time during development to get the swift endpoint. In that person's case, a separate auth request is wasteful compared to using HTTP Basic or request signing.
Sure, then their deployment can use basic auth instead. A default
is tough though, since everyone will have different needs. I would
probably vote for token if we think folks will be multi-service by
default. I'm fine with whatever other folks think is a more appropriate
default though, it's really just a guessing game. :)
-Eric
More information about the Openstack
mailing list