Difference between revisions of "QuantumAPIAuth"

Revision as of 22:28, 6 May 2011

Authentication + authorization of requests to the Quantum API is required so that tenants can only modify their own networks.

The plan is that authentication will follow the standard OpenStack model of using Keystone . The "echo service" being created as part of Keystone as a template for this work ( https://github.com/khussein/keystone/tree/master/echo ). Work on this service continues, so we should check to see if it is ready for a pull.

For now, the plan is to start with a simple scheme were each network is only by a single tenant, and only that tenant can perform any of the operations on that network.

During the summit, we discussed that the service-provider (or a service like nova) may itself act as a tenant to the quantum API in order to model networks.

@@ Line 2: / Line 2: @@
 Authentication + authorization of requests to the Quantum API is required so that tenants can only modify their own networks.
-The plan is that authentication will follow the standard [[OpenStack]] model of using [[ https://launchpad.net/keystone | Keystone ]].
+The plan is that authentication will follow the standard [[OpenStack]] model of using [[ https://launchpad.net/keystone | Keystone ]].   The "echo service" being created as part of Keystone as a template for this work ( https://github.com/khussein/keystone/tree/master/echo ).  Work on this service continues, so we should check to see if it is ready for a pull.
 For now, the plan is to start with a simple scheme were each network is only by a single tenant, and only that tenant can perform any of the operations on that network.
 During the summit, we discussed that the service-provider (or a service like nova) may itself act as a tenant to the quantum API in order to model networks.