Comment 8 for bug 843066

Cool. BTW, that might change... see http://etherpad.openstack.org/KeystoneV2API. Particularly:

Use cases:
1. I have a Nova endpoint and don't know what credentials to use:
    A. GET returns either a 305 or 401.
            305 if it supports Rackspace Token Auth
            401 if it does not
            in either case, it also returns WWW-Authenticate headers indicating supported protocols:
                WWW-Authenticate: Basic realm="xxxx"
                WWW-Authenticate: Keystone uri="https://identity.rackspace.com:8080"
                NOTE: URI is version agnostic and version list not reutrned - query Keystone for versions.
    B. Choose authentication method and follow that method's protocol.
    NOTE: we implement this on the middleware.
    NOTE: This follows HTTP standards, is browser friendly, and backwards compatible with current Rackspace cloud protocol which responds with 305.

2. I now have the URI for Keystone, and I want to find out what credentials to use:
GET / returns verion list
GET /v# returns version info
GET /v#/extensions returns extensions which may include:
    - OAUTH
    - SAML
    - ec2 Creds
    - Rackspace API Key creds
NOTE: Keystone always supports Token Auth with passwordCredentials (this is core)