Hi Liem! Comments inline... > From: Nguyen, Liem Manh [mailto:liem_m_ngu...@hp.com] > Sent: Friday, July 15, 2011 05:56 PM > > For Nova, the Keystone Tenant maps to a Nova project, and according to the > “Finalize Auth integration” blueprint, the Nova project is going away (“no > more project/roleuser info in nova”).
If I understand Z correctly, I think what that means is that the *linking* relationship between a project and a role will no longer be stored in Nova. Only the project identifier will be stored in Nova, and the relationship of a project to a role will be stored in Keystone. > What about Swift’s account? I assume the Keystone tenant would map to a > Swift account. How would this mapping occur? Would Swift still maintain > account information in the db and these will get synchronized with Keystone > tenant information (i.e., auto-create accounts), or would Swift get rid of > the account concept and have a mapping between tenant and containers > instead? If there is any existing blue-print/docs on Keystone/Swift > integration plan for Diablo, that would be greatly appreciated. I don't see any need to remove the concept of an account in Swift. It's a central component in the way that access to objects in Swift is controlled. I think that Z is saying that the account in Swift should merely be considered the tenant in Keystone. -jay _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp