Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-12 Thread Joe Savak
[mailto:openstack-bounces+joe.savak=rackspace@lists.launchpad.net] On Behalf Of Mark Nottingham Sent: Wednesday, September 07, 2011 2:11 AM To: Bryan Taylor Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens There's been a lot of interest

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-07 Thread Mark Nottingham
There's been a lot of interest in a finer-grained Vary function (i.e., something that lets you specify the cache key on something more flexible than just whole headers). We're working a a spec in the background, but of course caches will need to support it... Cheers, On 05/09/2011, at 3:43

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-05 Thread Bryan Taylor
It _would_ be useful to have Vary pick out a link by its rel, even on a request. Maybe the rel= part should've been considered part of the header: Link;rel=Keystone-token : blah Or maybe Vary should support matching on header values: Vary: Link:*;rel=keystone-token On 9/4/11 9:51 PM, Mark

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Mark Nottingham
Still getting up to speed on the finer points of keystone, but makes sense to me. Is X-Auth-Token keystone-specific? If so, calling it something like Keystone-Token would be better (X- is falling out of favour; see http://tools.ietf.org/html/draft-saintandre-xdash-03). That'd also avoid

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Bryan Taylor
Love it. Link: https://keystone.server/tokens/fa8426a0-8eaf-4d22-8e13-7c1b16a9370c; rel=keystone-token Fixed: s/tenants/tokens/ (my bad). On 9/4/11 7:40 PM, Mark Nottingham m...@mnot.net wrote: Still getting up to speed on the finer points of keystone, but makes sense to me. Is

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Bryan Taylor
Hmmm, I'm thinking more about this. Would using the Link: header break the ability to use the Vary header? I can't Vary on a Link header based on it's rel attribute. So maybe Keystone-Token is the way to go. I could see intermediaries doing the token resolution and adding headers like

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Mark Nottingham
Good point; Link makes more sense on a response. Cheers, On 05/09/2011, at 12:49 PM, Bryan Taylor wrote: Hmmm, I'm thinking more about this. Would using the Link: header break the ability to use the Vary header? I can't Vary on a Link header based on it's rel attribute. So maybe

[Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-03 Thread Bryan Taylor
I propose identifying tokens by their full keystone URI within X-Auth-Token header. EG: instead of X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c we would do X-Auth-Token: https://keystone.server/tenants/fa8426a0-8eaf-4d22-8e13-7c1b16a9370c This has the advantage of allowing