[Openstack] State of OpenStack Auth

Jorge Williams jorge.williams at rackspace.com
Fri Mar 4 17:05:36 UTC 2011

On Mar 4, 2011, at 10:29 AM, Jay Pipes wrote:

> Would the best option be if the OpenStack API supported both auth
> mechanisms (signature, basic HTTP) and allowed the deployers to pick
> which ones were best for which clients? For instance, if OpenStack
> supported both auth mechanisms simultaneously, mobile apps could
> choose signatures whereas other clients, say a simple web dashboard,
> could choose HTTP basic auth an re-auth every N hours?

We proposed a blueprint that addressed the very issue of supporting multiple authentication schemes simultaneously.  We also proposed a default dead simple authentication component -- based on basic auth -- though we removed the details of this part at the request of the swift team.  We also supported a clear separation between auth and individual services so that teams can concentrate on their components without worrying about auth. 

We didn't go so far as proposing a default authentication system, but with the default authentication component you wouldn't need one.  Khaled implement this code to support both the default auth component  and to integrate the blueprint with swift.  The response to our blueprint, from the swift guys, was that it wasn't needed.

Now that we are focused on auth perhaps the blueprint is worth another look:


-jOrGe W.

Confidentiality Notice: This e-mail message (including any attached or
embedded documents) is intended for the exclusive and confidential use of the
individual or entity to which this message is addressed, and unless otherwise
expressly indicated, is confidential and privileged information of Rackspace.
Any dissemination, distribution or copying of the enclosed material is prohibited.
If you receive this transmission in error, please notify us immediately by e-mail
at abuse at rackspace.com, and delete the original message.
Your cooperation is appreciated.

More information about the Openstack mailing list