Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-12 Thread Joe Savak
.launchpad.net [mailto:openstack-bounces+joe.savak=rackspace@lists.launchpad.net] On Behalf Of Mark Nottingham Sent: Wednesday, September 07, 2011 2:11 AM To: Bryan Taylor Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens There's been a l

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-07 Thread Mark Nottingham
There's been a lot of interest in a finer-grained Vary function (i.e., something that lets you specify the cache key on something more flexible than just whole headers). We're working a a spec in the background, but of course caches will need to support it... Cheers, On 05/09/2011, at 3:43

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Bryan Taylor
It _would_ be useful to have Vary pick out a link by its rel, even on a request. Maybe the rel="" part should've been considered part of the header: Link;rel="Keystone-token" : blah Or maybe Vary should support matching on header values: Vary: Link:*;rel="keystone-token" On 9/4/11 9:51 PM, "Ma

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Mark Nottingham
Good point; Link makes more sense on a response. Cheers, On 05/09/2011, at 12:49 PM, Bryan Taylor wrote: > Hmmm, I'm thinking more about this. Would using the Link: header break the > ability to use the Vary header? I can't Vary on a Link header based on > it's rel attribute. > > So maybe Keys

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Bryan Taylor
Hmmm, I'm thinking more about this. Would using the Link: header break the ability to use the Vary header? I can't Vary on a Link header based on it's rel attribute. So maybe Keystone-Token is the way to go. I could see intermediaries doing the token resolution and adding headers like Keystone-Use

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Bryan Taylor
Love it. Link: ; rel="keystone-token" Fixed: s/tenants/tokens/ (my bad). On 9/4/11 7:40 PM, "Mark Nottingham" wrote: >Still getting up to speed on the finer points of keystone, but makes >sense to me. > >Is X-Auth-Token

Re: [Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-04 Thread Mark Nottingham
Still getting up to speed on the finer points of keystone, but makes sense to me. Is X-Auth-Token keystone-specific? If so, calling it something like "Keystone-Token" would be better (X- is falling out of favour; see ). That'd also avoid p

[Openstack] Proposal: URIs for X-Auth-Header Keystone tokens

2011-09-03 Thread Bryan Taylor
I propose identifying tokens by their full keystone URI within X-Auth-Token header. EG: instead of X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c we would do X-Auth-Token: https://keystone.server/tenants/fa8426a0-8eaf-4d22-8e13-7c1b16a9370c This has the advantage of allowing federate