[Openstack] State of OpenStack Auth

Michael Mayo mike at openstack.org
Fri Mar 4 17:44:08 UTC 2011

> But, unless I'm mistaken, there is only a single call to the auth
> server on the first request. If we go with a Swift model (which is
> similar to the proposed solution from Vish and Andy, but not quite the
> same), the auth server returns the storage-management-url after
> authenticating the user/key combination. Requests after the initial
> request simply use the storage management URL, passing in the token
> returned from the auth service.

Right, that's how the Rackspace API works today.

> You could issue dozens of requests
> after the initial auth request, and you wouldn't be re-requesting
> anything from the auth server each time.

That's certainly true, but it breaks down when you aren't making very many requests.  If you're doing 100 API calls, 1 extra HTTP request doesn't really matter that much, but if you're only doing 1 API call, the auth step becomes half of your API traffic, which is unfortunate if you have a weak wifi signal or cell coverage when you're trying to make that API call.

> I agree it would be nice to be able to specify "spin me up 10 servers"
> in the OpenStack compute API, but that is a bit tangential to the
> specifics of the auth service here, AFAICT.

True, sorry to digress :)  I guess I'm just trying to advocate a philosophy that minimizing the number of API calls a developer needs to make to do something is a really really good thing. 

More information about the Openstack mailing list