[mailto:openstack-bounces+joe.savak=rackspace@lists.launchpad.net] On
Behalf Of Mark Nottingham
Sent: Wednesday, September 07, 2011 2:11 AM
To: Bryan Taylor
Cc: openstack@lists.launchpad.net
Subject: Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens
There's been a lot of interest
There's been a lot of interest in a finer-grained Vary function (i.e.,
something that lets you specify the cache key on something more flexible than
just whole headers). We're working a a spec in the background, but of course
caches will need to support it...
Cheers,
On 05/09/2011, at 3:43
It _would_ be useful to have Vary pick out a link by its rel, even on a
request. Maybe the rel= part should've been considered part of the
header:
Link;rel=Keystone-token : blah
Or maybe Vary should support matching on header values:
Vary: Link:*;rel=keystone-token
On 9/4/11 9:51 PM, Mark
Still getting up to speed on the finer points of keystone, but makes sense to
me.
Is X-Auth-Token keystone-specific? If so, calling it something like
Keystone-Token would be better (X- is falling out of favour; see
http://tools.ietf.org/html/draft-saintandre-xdash-03). That'd also avoid
Love it.
Link:
https://keystone.server/tokens/fa8426a0-8eaf-4d22-8e13-7c1b16a9370c;
rel=keystone-token
Fixed: s/tenants/tokens/ (my bad).
On 9/4/11 7:40 PM, Mark Nottingham m...@mnot.net wrote:
Still getting up to speed on the finer points of keystone, but makes
sense to me.
Is
Hmmm, I'm thinking more about this. Would using the Link: header break the
ability to use the Vary header? I can't Vary on a Link header based on
it's rel attribute.
So maybe Keystone-Token is the way to go. I could see intermediaries doing
the token resolution and adding headers like
Good point; Link makes more sense on a response.
Cheers,
On 05/09/2011, at 12:49 PM, Bryan Taylor wrote:
Hmmm, I'm thinking more about this. Would using the Link: header break the
ability to use the Vary header? I can't Vary on a Link header based on
it's rel attribute.
So maybe
I propose identifying tokens by their full keystone URI within X-Auth-Token
header. EG: instead of
X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
we would do
X-Auth-Token:
https://keystone.server/tenants/fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
This has the advantage of allowing
8 matches
Mail list logo