Here's the HTML of the table comparison.
Feature | Description | Keystone Client (using 2.0) | Curl - using V2.0 API | V3 API | Observations
List Users
Description: List all users that the supplied token has visibility to
Keystone Client (using 2.0):
keystone --token ADMIN --endpoint http://localhost:35357/v2.0/ user-list
Curl - using V2.0 API:
curl http://localhost:35357/v2.0/users -H "X-Auth-Token: ADMIN"
Response (truncated):
", "enabled": true, "id": "45214d3ed59b46458c5d2ae9431fbbb7", "name": "joe", "tenantId": "26772165df7f4e418706a7ab875b6312" } ] }
V3 API:
curl http://localhost:35357/v3/users -H "X-Auth-Token: ADMIN"
Response (truncated):
", "enabled": true, "id": "45214d3ed59b46458c5d2ae9431fbbb7", "links": { "self": "http://localhost:5000/v3/users/45214d3ed59b46458c5d2ae9431fbbb7" }, "name": "joe", "tenantId": "26772165df7f4e418706a7ab875b6312" } ] }

Create User
Description: Create a new user
Keystone Client (using 2.0):
keystone --token ADMIN --endpoint http://localhost:35357/v2.0/ user-create --name joe --tenant_id 26772165df7f4e418706a7ab875b6312 --pass password1 --email --enabled true
Curl - using V2.0 API:
curl http://localhost:35357/v2.0/users -d '{"user":{"username":"joe","email":"","enabled":true, "name":"Joe", "OS-KSADM":"secrete"}}' -H "Content-type: application/json" -H "X-Auth-Token: ADMIN"
Observations:
Name is a required attribute in Keystone v2, but username is not...
Usernames are case sensitive.
Another API call is needed in v2 to associate the user with a tenant.

Create Tenant
Description: Create a new tenant (or project, in v3 lingo)
Keystone Client (using 2.0):
keystone --token ADMIN --endpoint http://localhost:35357/v2.0/ tenant-create --name tenant01 --description "tenant for tenant sake" --enable true
Curl - using V2.0 API:
curl http://localhost:35357/v2.0/tenants -H "X-Auth-Token: ADMIN" -X POST -d '{"tenant":{"name":"tenant02","description":"tenant tenant", "enabled":true}}' -H "Content-type: application/json"
V3 API:
curl http://localhost:35357/v3/projects -H "X-Auth-Token: ADMIN" -H "Content-type: application/json" -d '{"project": {"domain_id":"123","enabled":true,"name":"Project-X"}}'
Observations:
Tenants in v2 can be seen as projects in v3.
Projects in v3 can be seen as tenants in v2.
Projects in v3 can be created referencing a domain that doesn't yet exist. (In the v3 example for this row, domain "123" wasn't created and still isn't shown on a GET v3/domains call.)

List Domains
Description: List all the domains the supplied token has visibility to
Keystone Client (using 2.0): N/A
Curl - using V2.0 API: N/A
V3 API:
curl http://localhost:35357/v3/domains -H "X-Auth-Token: ADMIN" | python -mjson.tool

Add Domain
Description: Create a new domain
Keystone Client (using 2.0): N/A
Curl - using V2.0 API: N/A
V3 API:
curl http://localhost:35357/v3/domains -H "X-Auth-Token: ADMIN" -H "Content-type: application/json" -d '{"domain":{"enabled":true, "name":"CustomerX"}}' | python -mjson.tool

Add Role
Description: Add a new role
Keystone Client (using 2.0):
keystone --token ADMIN --endpoint http://localhost:35357/v2.0 role-create --name user
Curl - using V2.0 API:
curl http://166.78.146.147:35357/v2.0/OS-KSADM/roles -H "X-Auth-Token: ADMIN" -d '{"role":{"name":"SysAdmni", "description":"Role for doing sys adminy things"}}' -H "Content-type: application/json"
V3 API:
curl http://localhost:35357/v3/roles -H "X-AUTH-TOKEN: ADMIN" -H "Content-type: application/json" -d '{"role":{"name":"SysAdmin","description":"Sys Admin created via v3"}}' | python -mjson.tool
Observations:
Description is not listed in the v3 doc, but I was able to add it anyway.

V3 doc: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md
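
The Create Tenant observations note that v3 accepts a project whose domain_id names a domain that does not exist. The check below is an added example (not from the original page or the Keystone project): it takes the parsed JSON bodies of GET /v3/domains and GET /v3/projects and reports projects whose domain_id does not resolve. The sample data, the ids and the function name dangling_projects are constructed for illustration.

```python
import json

# Constructed sample bodies in the shape returned by GET /v3/domains and
# GET /v3/projects. All ids and names here are made up for this example.
SAMPLE_DOMAINS = json.loads("""
{"domains": [
  {"id": "default", "name": "Default", "enabled": true},
  {"id": "d0a1", "name": "CustomerX", "enabled": true}
]}
""")
SAMPLE_PROJECTS = json.loads("""
{"projects": [
  {"id": "p1", "name": "tenant01", "domain_id": "default", "enabled": true},
  {"id": "p2", "name": "Project-X", "domain_id": "123", "enabled": true},
  {"id": "p3", "name": "legacy", "enabled": true},
  {"id": "p4", "name": "cx-prod", "domain_id": "d0a1", "enabled": true}
]}
""")


def dangling_projects(domains_doc, projects_doc):
    """Return (project_id, project_name, domain_id, reason) for every project
    whose domain_id does not resolve to a domain in the domains listing."""
    known = {d["id"] for d in domains_doc.get("domains", [])}
    findings = []
    for proj in projects_doc.get("projects", []):
        domain_id = proj.get("domain_id")
        if domain_id is None:
            reason = "no domain_id"       # project carries no domain reference
        elif domain_id not in known:
            reason = "unknown domain"     # reference to a domain never created
        else:
            continue                      # reference resolves, nothing to report
        findings.append((proj.get("id"), proj.get("name"), domain_id, reason))
    return findings


if __name__ == "__main__":
    for pid, name, dom, reason in dangling_projects(SAMPLE_DOMAINS, SAMPLE_PROJECTS):
        print(f"{pid}\t{name}\tdomain_id={dom!r}\t{reason}")
```

Collect both listings with a token that has visibility to every domain; projects in domains hidden from the token would otherwise be reported as dangling.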