grizzly: enable token scoping to a domain
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-api-site |
Fix Released
|
Medium
|
Unassigned |
Bug Description
If https:/
The v3 API has introduced the concept of Domains, being the container that holds users and projects. For many cloud providers, the domain will be the object that really maps to a hosted customer, within which that customer will CRUD their users and projects. To facilitate this, the customer will want to create users that have "roles" that are domain wide (e.g. on-board new users, maintain a set of standard images for all projects etc.). To aid this, we should support the scoping of a token to a Domain (either at authentication or subsequent /tokens call)
If do implement this AND we are going to maintain the ability to support an optional "default project" for user, then we should also support an optional "default domain" (obviously you don't need to specify both, and if you do, then the scope is set to the most granular, i.e. project)
https:/
Changed in openstack-api-site: | |
milestone: | none → grizzly |
tags: | added: identity-api |
Changed in openstack-api-site: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
tags: | added: grizzly |
Changed in openstack-api-site: | |
milestone: | grizzly → none |
looks like this is already addressed in the docs: http:// developer. openstack. org/api- ref-identity- v3.html# authenticate