Comment 2 for bug 1070637

Endpoint ID's or services types?

We've had some relatively unproductive discussions in the paste about auth_token being aware of the endpoint_id it's protecting -- it's unnecessary config or will require fragile auto-detection code by taking a guess from a catalog response.

Scoping to service type seems like a great first step towards more granular control.