Back To Schedule
Tuesday, October 4 • 9:00am - 9:25am
Authenticating by 'scope,' rather than by 'tenant'

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Authenticating in Keystone currently centers around producing "unscoped" and "scoped" Tokens; "scoped" Tokens being those assigned to a specific Tenant. To increase the flexibility of Openstack's Identity-API, clients could instead authenticate for a "named Scope," which could include zero-to-many Roles, Tenants, Endpoints, etc. The proposed API should be generic enough to allow a specific implementation or configuration to impose arbitrary constraints on the environment (e.g. "one user per tenant") if desired.

Tuesday October 4, 2011 9:00am - 9:25am EDT
Salon A

Attendees (0)