V3 Identity API: No documented reason not to fallback to a domain token
Bug #1214576 reported by
justinsb
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-manuals |
Fix Released
|
Medium
|
Dolph Mathews |
Bug Description
(Continuing my cleanup of bugs to differentiate the root cause from a proposed solution)
The V3 Identity API does not document a reason why we don't return a domain token, when we currently fallback to returning an unscoped token.
This causes confusion.
Changed in openstack-api-site: | |
milestone: | none → havana |
status: | New → Confirmed |
Changed in openstack-api-site: | |
milestone: | icehouse → none |
tags: | added: keystone |
Changed in openstack-api-site: | |
assignee: | nobody → Dolph Mathews (dolph) |
To post a comment you must log in.
I think what's lacking from the v3 API documentation (and would resolve this) is explicit use cases for unscoped tokens, project-scoped tokens, and domain-scoped tokens. They *should* be very distinct concepts, so (to analogize..) it might be better to explain what hammers and screwdrivers are used for, rather than why to explain you shouldn't try to substitute one for the other.