File: token-support-matrix.ini

keystone 2:28.0.0-6
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# For information about the format of this file, refer to the documentation
# for sphinx-feature-classification:
#
#   https://docs.openstack.org/sphinx-feature-classification/latest/

# Columns of the support matrix. Each [driver.*] section declares one token
# provider; every [operation.*] and [feature.*] section below reports a status
# for it through the matching driver.<name> key.
[driver.fernet]
title=Fernet tokens

# NOTE(review): Fernet tokens are understood to be encrypted with symmetric
# keys, while JWS tokens are only signed, leaving the payload readable by
# whoever holds the token - confirm against the keystone token provider
# documentation before relying on that distinction.
[driver.jws]
title=JWS tokens

# Issuing a token that carries no scope of authorization. Marked mandatory,
# and both providers declared in this file report "complete".
# NOTE(review): the cli example passes the password as a command-line
# argument, where it can land in shell history and show up in the process
# list. Outside of documentation, a clouds.yaml entry or the client's
# interactive password prompt is presumably the better choice - confirm what
# the installed client supports.
[operation.create_unscoped_token]
title=Create unscoped token
status=mandatory
notes=All token providers must be capable of issuing tokens without an explicit
  scope of authorization.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
  --os-password=<password> token issue
driver.fernet=complete
driver.jws=complete

# Issuing a system-scoped token. Marked mandatory, and both providers report
# "complete".
# NOTE(review): unlike the other cli examples in this file, this one has no
# --os-password option, so the credential has to come from somewhere else
# (presumably a prompt or the environment) - confirm the example works as
# written.
# NOTE(review): "--os-system-scope all" looks like the widest scope shown in
# this file; accounts able to obtain it should presumably be treated as highly
# privileged - confirm against the deployment's role assignments.
[operation.create_system_token]
title=Create system-scoped token
status=mandatory
notes=All token providers must be capable of issuing system-scoped tokens.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
  --os-system-scope all token issue
driver.fernet=complete
driver.jws=complete

# Issuing a token scoped to a single project. Marked mandatory, and both
# providers report "complete".
# The cli example names the project by project name plus the name of the
# project's domain, in addition to the user's own domain.
[operation.create_project_scoped_token]
title=Create project-scoped token
status=mandatory
notes=All token providers must be capable of issuing project-scoped tokens.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
  --os-password=<password> --os-project-name=<project>
  --os-project-domain-name=<domain> token issue
driver.fernet=complete
driver.jws=complete

# Issuing a token scoped to a domain. Marked optional, because the notes say
# some use cases can rely on projects instead; both providers still report
# "complete".
# The cli example uses <domain> twice: once for the user's domain
# (--os-user-domain-name) and once for the scope target (--os-domain-name).
[operation.create_domain_scoped_token]
title=Create domain-scoped token
status=optional
notes=Domain-scoped tokens are not required for all use cases, and for some use
  cases, projects can be used instead.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
  --os-password=<password> --os-domain-name=<domain> token issue
driver.fernet=complete
driver.jws=complete

# Issuing a token scoped to a trust (a delegation). Marked optional; both
# providers report "complete".
# Per the notes, such a token conveys only the impersonation and project-based
# authorization attributes contained in the delegation, so it is bounded by
# what the delegation granted.
[operation.create_trust_scoped_token]
title=Create trust-scoped token
status=optional
notes=Tokens scoped to a trust convey only the user impersonation and
  project-based authorization attributes included in the delegation.
cli=openstack --os-username=<username> --os-user-domain-name=<domain>
  --os-password=<password> --os-trust-id=<trust> token issue
driver.fernet=complete
driver.jws=complete

# Exchanging an OAuth access token for a keystone token. Marked optional; both
# providers report "complete".
# cli= is left empty: this file gives no command-line example for the
# operation.
[operation.create_token_using_oauth]
title=Create a token given an OAuth access token
status=optional
notes=OAuth access tokens can be exchanged for keystone tokens.
cli=
driver.fernet=complete
driver.jws=complete

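# Revoking an individual token. Marked optional; both providers report
# "complete".
# Per the notes, one revocation may take other tokens with it, for example
# tokens that were created using the revoked one, so callers should not assume
# that exactly one token is affected.
# The cli example uses a <token> placeholder for the token to revoke, in the
# same style as the placeholders in the other examples.
[operation.revoke_token]
title=Revoke a token
status=optional
notes=Tokens may be individually revoked, such as when a user logs out of
  Horizon. Under certain circumstances, it's acceptable for more than just a
  single token to be revoked as a result of this operation (such as when the
  revoked token was previously used to create additional tokens).
cli=openstack token revoke <token>
driver.fernet=complete
driver.jws=complete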

# Online validation: keystone itself checks a token it previously issued when
# that token is presented to it. Marked mandatory; both providers report
# "complete".
# cli= is left empty: no command-line example is given for this feature.
[feature.online_validation]
title=Online validation
status=mandatory
notes=Keystone must be able to validate the tokens that it issues when
  presented with a token that it previously issued.
cli=
driver.fernet=complete
driver.jws=complete

# Offline validation: a service validating tokens by itself instead of calling
# back to keystone, which the notes motivate with performance and scalability.
# Marked optional, and both providers report "missing", so per this matrix
# neither token format can be validated without keystone.
# NOTE(review): the flip side is presumably that expiry and revocation are
# always checked centrally; a service that validated tokens locally would need
# its own way to learn about revocations - confirm before designing around it.
[feature.offline_validation]
title=Offline validation
status=optional
notes=Services using Keystone for authentication may want to validate tokens
  themselves, rather than calling back to keystone, in order to improve
  performance and scalability.
cli=
driver.fernet=missing
driver.jws=missing

# Non-persistent tokens: formats that need no token storage (the notes give a
# SQL backend as the example), which removes the limit on concurrently issued
# tokens and the need for clean-up such as `keystone-manage token_flush`.
# Marked optional; both providers report "complete".
# NOTE(review): with no stored token records, validity presumably rests on the
# provider's keys alone, which makes key storage, distribution and rotation
# the assets to protect - confirm against the deployment's key management
# documentation.
[feature.non_persistent]
title=Non-persistent
status=optional
notes=If a token format does not require persistence (such as to a SQL
  backend), then there is no scalability limit to the number of tokens that
  keystone can issue at once, and there is no need to perform clean up
  operations such as `keystone-manage token_flush`.
cli=
driver.fernet=complete
driver.jws=complete