Good morning, I wanted to announce that we have the first strawman/draft of a V3 API for Keystone available for comment and feedback. This is an early draft, and I expect there to be more than one.
https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit The general theme of this proposal is a broad CRUD based API supporting authentication and authorization needs in OpenStack. Back-end implementations of Keystone may not support all components of the API, hence an API return may be NotImplemented. This is to support Keystone as a programmatic facade to an deployment’s existing authentication and authorization system(s). Themes for changes: • different style of pagination that I hope will be more effective for UI work • consolidate CRUD operations currently in contrib into CORE • adding a "url" resource attribute that's the fully qualified resource location for the keystone service • flatten the service catalog structure • added in a domains (collection of tenants) • restructure role API calls to be specific to user->tenant or user->domain • tokens are now very explicit to user+tenant combinations • new API mechanisms to get tenants associated with a user • generalized credentials associated with a user/tenant combo (ec2, pki, ssh keys, etc) • propose an extended policy-implementation-specific API If you're interested, please review and provide feedback through the above Google Doc, or feel free to open broader discussion questions here on the list. -joe _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp