Allow a token to be scoped to many projects in the v3 spec
In v2 of keystone, tenant is unbounded with respect to token:
https:/
In v3 of keystone, a token can only be scoped to 1 project (renamed from tenant in this version):
https:/
In following the contract for v2 explicitly, we are allowing in our implementation the ability to access multiple default tenants upon authentication. The other method (of going from unscoped to direct-
The change to 1 project per token makes it difficult for us to adopt v3.
I'd like the v3 contract to indicate a list of projects that the token is scoped to. This flexibility in the contract will help us migrate users to v3. This isn't a request to change the reference implementation, just the contract.
Blueprint information
- Status: Complete
- Approver: Joseph Heck
- Priority: Undefined
- Drafter: Joe Savak
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Not started
- Milestone target: None
- Started by:
- Completed by: Morgan Fainberg
Whiteboard
posted for broader discussion: http://
This is not really open for discussion at this point. We've got a contract that we have 1 project per token for now. We can reopen this down the road if needed.