Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

On Mon, Jul 7, 2014 at 3:05 PM, Adam Young ayo...@redhat.com wrote: On 07/07/2014 11:11 AM, Dolph Mathews wrote: On Fri, Jul 4, 2014 at 5:13 PM, Adam Young ayo...@redhat.com wrote: Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

On Fri, Jul 04, 2014 at 06:13:30PM -0400, Adam Young wrote: Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user authenticates unscoped, they should get back a list of their projects: some thing along the lines of: domains [{ name

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

On 07/07/2014 05:39 AM, Marco Fargetta wrote: On Fri, Jul 04, 2014 at 06:13:30PM -0400, Adam Young wrote: Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user authenticates unscoped, they should get back a list of their projects: some thing

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

3. Unscoped tokens should be very short lived: 10 minutes. Unscoped tokens should be infinitely extensible: If I hand an unscoped token to keystone, I get one good for another 10 minutes. Using this time limit horizon should extend all the unscoped token every x min (with x 10). Is

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

On 07/07/2014 10:33 AM, Marco Fargetta wrote: 3. Unscoped tokens should be very short lived: 10 minutes. Unscoped tokens should be infinitely extensible: If I hand an unscoped token to keystone, I get one good for another 10 minutes. Using this time limit horizon should extend all the

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

On Fri, Jul 4, 2014 at 5:13 PM, Adam Young ayo...@redhat.com wrote: Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user authenticates unscoped, they should get back a list of their projects: some thing along the lines of: domains [{

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

On 07/07/2014 11:11 AM, Dolph Mathews wrote: On Fri, Jul 4, 2014 at 5:13 PM, Adam Young ayo...@redhat.com mailto:ayo...@redhat.com wrote: Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user authenticates unscoped, they should

Re: [openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

Probably should not have posted this over a weekend, especially a Long weekend. On 07/04/2014 06:13 PM, Adam Young wrote: Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user authenticates unscoped, they should get back a list of their

[openstack-dev] [Keystone][Horizon] Proposed Changed for Unscoped tokens.

Unscoped tokens are really a proxy for the Horizon session, so lets treat them that way. 1. When a user authenticates unscoped, they should get back a list of their projects: some thing along the lines of: domains [{ name = d1, projects [ p1, p2, p3]}, {