Hide Forgot
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/make-project-unbounded-v3. Description: In v2 of keystone, tenant is unbounded with respect to token: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/docbkx/common/xsd/token.xsd#L57 In v3 of keystone, a token can only be scoped to 1 project (renamed from tenant in this version): https://github.com/openstack/identity-api/blob/master/openstack-identity-api/src/markdown/identity-api-v3.md#authenticate-post-tokens In following the contract for v2 explicitly, we are allowing in our implementation the ability to access multiple default tenants upon authentication. The other method (of going from unscoped to direct-1-tenant-scope works as well). The change to 1 project per token makes it difficult for us to adopt v3. I'd like the v3 contract to indicate a list of projects that the token is scoped to. This flexibility in the contract will help us migrate users to v3. This isn't a request to change the reference implementation, just the contract. Specification URL (additional information): None
This is not on the roadmap. So much of OpenStack auth management relies on the concept of one token per project. This has been closed upstream.