[Openstack] State of OpenStack Auth

Monsyne Dragon mdragon at rackspace.com
Thu Mar 3 23:15:45 UTC 2011

On 3/3/11 4:46 PM, Michael Mayo wrote:
>> On Thu, Mar 03, 2011 at 01:23:07PM -0800, Michael Mayo wrote:
>>>> We're also getting something else
>>>> with a token server though: service discovery (via service URL headers
>>>> returned with token). This can be important for auto-configuring apps
>>>> since you can simply enter a auth URL and the app will find out which
>>>> services to expose and what the URLs for each service are.
>>> This is true.  An endpoint list is certainly necessary, but it would be great if I only needed to call that one time instead of every time an auth token expires.
>> You would probably want to refresh the service list somewhat regularly
>> though, so perhaps we can time the refresh rate with the expiration
>> time for the token. :)
> Yeah that works fine for the mobile clients I'm building, since their purpose is to expose a nice UI for every possible OpenStack service available, but for someone who wants to use a single service (swift only, for example), there would be no use for ever needing to get a service list, except via curl one time during development to get the swift endpoint.  In that person's case, a separate auth request is wasteful compared to using HTTP Basic or request signing.
This is assuming that the endpoint url does not change, and is going to 
be the same for all users.  It could be that the, say swift url, that 
you get is not the same as what someone else gets, based on their 
account, service level, or even current IP (for directing folks to the 
'nearest' endpoint).


     -Monsyne Dragon
     work:         210-312-4190
     mobile        210-441-0965
     google voice: 210-338-0336

Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.

More information about the Openstack mailing list