Authenticating in Keystone currently centers around producing "unscoped" and "scoped" Tokens; "scoped" Tokens being those assigned to a specific Tenant. To increase the flexibility of Openstack's Identity-API, clients could instead authenticate for a "named Scope," which could include zero-to-many Roles, Tenants, Endpoints, etc. The proposed API should be generic enough to allow a specific implementation or configuration to impose arbitrary constraints on the environment (e.g. "one user per tenant") if desired.
Tuesday October 4, 2011 9:00am - 9:25am EDT
Salon A