On 05/16/2017 10:20 AM, Doug Hellmann wrote:
Excerpts from Chris Dent's message of 2017-05-16 15:16:08 +0100:
On Tue, 16 May 2017, Monty Taylor wrote:
FWIW - I'm un-crazy about the term API Key - but I'm gonna just roll with
that until someone has a better idea. I'm uncrazy about it for two reasons:
a) the word "key" implies things to people that may or may not be true here.
If we do stick with it - we need some REALLY crisp language about what it is
and what it isn't.
b) Rackspace Public Cloud (and back in the day HP Public Cloud) have a thing
called by this name. While what's written in the spec is quite similar in
usage to that construct, I'm wary of re-using the name without the semantics
actually being fully the same for risk of user confusion. "This uses
api-key... which one?" Sean's email uses "APPKey" instead of "APIKey" - which
may be a better term. Maybe just "ApplicationAuthorization"?
"api key" is a fairly common and generic term for "this magical
thingie I can create to delegate my authority to some automation".
It's also sometimes called "token", perhaps that's better (that's
what GitHub uses, for example)? In either case the "api" bit is
pretty important because it is the thing used to talk to the API.
I really hope we can avoid creating yet more special language for
OpenStack. We've got an API. We want to send keys or tokens. Let's
just call them that.
+1
Fair. That's an excellent argument for "api key" - because I certainly
don't think we want to overload 'token'.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
