Use cases:
1. I have a Nova endpoint and don't know what credentials to use:
A. GET returns either a 305 or 401.
305 if it supports Rackspace Token Auth
401 if it does not
in either case, it also returns WWW-Authenticate headers indicating supported protocols: WWW-Authenticate: Basic realm="xxxx" WWW-Authenticate: Keystone uri="https://identity.rackspace.com:8080" NOTE: URI is version agnostic and version list not reutrned - query Keystone for versions.
B. Choose authentication method and follow that method's protocol.
NOTE: we implement this on the middleware.
NOTE: This follows HTTP standards, is browser friendly, and backwards compatible with current Rackspace cloud protocol which responds with 305.
2. I now have the URI for Keystone, and I want to find out what credentials to use:
GET / returns verion list
GET /v# returns version info
GET /v#/extensions returns extensions which may include:
- OAUTH
- SAML
- ec2 Creds
- Rackspace API Key creds
NOTE: Keystone always supports Token Auth with passwordCredentials (this is core)
Cool. BTW, that might change... see http:// etherpad. openstack. org/KeystoneV2A PI. Particularly:
Use cases:
WWW-Authentic ate: Basic realm="xxxx"
WWW-Authentic ate: Keystone uri="https:/ /identity. rackspace. com:8080"
NOTE: URI is version agnostic and version list not reutrned - query Keystone for versions.
1. I have a Nova endpoint and don't know what credentials to use:
A. GET returns either a 305 or 401.
305 if it supports Rackspace Token Auth
401 if it does not
in either case, it also returns WWW-Authenticate headers indicating supported protocols:
B. Choose authentication method and follow that method's protocol.
NOTE: we implement this on the middleware.
NOTE: This follows HTTP standards, is browser friendly, and backwards compatible with current Rackspace cloud protocol which responds with 305.
2. I now have the URI for Keystone, and I want to find out what credentials to use:
GET / returns verion list
GET /v# returns version info
GET /v#/extensions returns extensions which may include:
- OAUTH
- SAML
- ec2 Creds
- Rackspace API Key creds
NOTE: Keystone always supports Token Auth with passwordCredentials (this is core)