openstack/swift
Code Issues Proposed changes
swift/doc/source/api/authentication.rst
Anne Gentle 6f9ca6122e Adds v1 API documentation to doc/source/api 
After discussion https://review.openstack.org/#/c/129384/ moving
to the doc directory in swift repo.

This lets us eliminate the object-api repo along with all the <service>-
api repos and move content to audience-centric locations.

Change-Id: Ia0d9973847f7409a02dcc1a0e19400a3c3ecdf32
2014-11-17 16:19:07 -06:00

55 lines
2.0 KiB
ReStructuredText
Raw Blame History

==============
Authentication
==============
The owner of an Object Storage account controls access to that account
and its containers and objects. An owner is the user who has the
''admin'' role for that tenant. The tenant is also known as the project
or account. As the account owner, you can modify account metadata and
create, modify, and delete containers and objects.
To identify yourself as the account owner, include an authentication
token in the ''X-Auth-Token'' header in the API request.
Depending on the token value in the ''X-Auth-Token'' header, one of the
following actions occur:
- ''X-Auth-Token'' contains the token for the account owner.
The request is permitted and has full access to make changes to the
account.
- The ''X-Auth-Token'' header is omitted or it contains a token for a
non-owner or a token that is not valid.
The request fails with a 401 Unauthorized or 403 Forbidden response.
You have no access to accounts or containers, unless an access
control list (ACL) explicitly grants access.
The account owner can grant account and container access to users
through access control lists (ACLs).
The following list describes the authentication services that you can
use with Object Storage:
- OpenStack Identity (keystone): For Object Storage, account is synonymous with
project or tenant ID.
- Tempauth middleware: Object Storage includes this middleware. User and account
management is performed in Object Storage itself.
- Swauth middleware: Stored in github, this custom middleware is modeled on
Tempauth. Usage is similar to Tempauth.
- Other custom middleware: Write it yourself to fit your environment.
Specifically, you use the ''X-Auth-Token'' header to pass an
authentication token to an API request.
Authentication tokens expire after a time period that the authentication
service defines. When a token expires, use of the token causes requests
to fail with a 401 Unauthorized response. To continue, you must obtain a
new token.
View Git Blame Copy Permalink