Sophie

Sophie

distrib > Fedora > 13 > i386 > media > updates > by-pkgid > e2eef204a8562d4f753a051d0e998dc4 > files > 46

openstack-swift-doc-1.0.2-5.fc13.noarch.rpm

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>The Auth System &mdash; Swift v1.0.2 documentation</title>
    <link rel="stylesheet" href="_static/default.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '',
        VERSION:     '1.0.2',
        COLLAPSE_MODINDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <link rel="top" title="Swift v1.0.2 documentation" href="index.html" />
    <link rel="next" title="Replication" href="overview_replication.html" />
    <link rel="prev" title="The Account Reaper" href="overview_reaper.html" /> 
  </head>
  <body>
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="modindex.html" title="Global Module Index"
             accesskey="M">modules</a> |</li>
        <li class="right" >
          <a href="overview_replication.html" title="Replication"
             accesskey="N">next</a> |</li>
        <li class="right" >
          <a href="overview_reaper.html" title="The Account Reaper"
             accesskey="P">previous</a> |</li>
        <li><a href="index.html">Swift v1.0.2 documentation</a> &raquo;</li> 
      </ul>
    </div>  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="the-auth-system">
<h1>The Auth System<a class="headerlink" href="#the-auth-system" title="Permalink to this headline">¶</a></h1>
<p>The auth system for Swift is based on the auth system from an existing
architecture &#8211; actually from a few existing auth systems &#8211; and is therefore a
bit disjointed. The distilled points about it are:</p>
<ul class="simple">
<li>The authentication/authorization part is outside Swift itself</li>
<li>The user of Swift passes in an auth token with each request</li>
<li>Swift validates each token with the external auth system and caches the
result</li>
<li>The token does not change from request to request, but does expire</li>
</ul>
<p>The token can be passed into Swift using the X-Auth-Token or the
X-Storage-Token header. Both have the same format: just a simple string
representing the token. Some external systems use UUID tokens, some an MD5 hash
of something unique, some use &#8220;something else&#8221; but the salient point is that
the token is a string which can be sent as-is back to the auth system for
validation.</p>
<p>The validation call is, for historical reasons, an XMLRPC call. There are two
types of auth systems, type 0 and type 1. With type 0, the XMLRPC call is given
the token and the Swift account name (also known as the account hash because
it&#8217;s usually of the format &lt;reseller&gt;_&lt;hash&gt;). With type 1, the call is given
the container name and HTTP method as well as the token and account hash. Both
types are also given a service login and password recorded in Swift&#8217;s
resellers.conf. For a valid token, both auth system types respond with a
session TTL and overall expiration in seconds from now. Swift does not honor
the session TTL but will cache the token up to the expiration time. Tokens can
be purged through a call to Swift&#8217;s services server.</p>
<p>How the user gets the token to use with Swift is up to the reseller software
itself. For instance, with Cloud Files the user has a starting URL to an auth
system. The user starts a session by sending a ReST request to that auth system
to receive the auth token, a URL to the Swift system, and a URL to the CDN
system.</p>
<div class="section" id="history-and-future">
<h2>History and Future<a class="headerlink" href="#history-and-future" title="Permalink to this headline">¶</a></h2>
<p>What&#8217;s established in Swift for authentication/authorization has history from
before Swift, so that won&#8217;t be recorded here. It was minimally integrated with
Swift to meet project deadlines, but in the near future Swift should have a
pluggable auth/reseller system to support the above as well as other
architectures.</p>
</div>
</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
            <h3><a href="index.html">Table Of Contents</a></h3>
            <ul>
<li><a class="reference external" href="#">The Auth System</a><ul>
<li><a class="reference external" href="#history-and-future">History and Future</a></li>
</ul>
</li>
</ul>

            <h4>Previous topic</h4>
            <p class="topless"><a href="overview_reaper.html"
                                  title="previous chapter">The Account Reaper</a></p>
            <h4>Next topic</h4>
            <p class="topless"><a href="overview_replication.html"
                                  title="next chapter">Replication</a></p>
            <h3>This Page</h3>
            <ul class="this-page-menu">
              <li><a href="_sources/overview_auth.txt"
                     rel="nofollow">Show Source</a></li>
            </ul>
          <div id="searchbox" style="display: none">
            <h3>Quick search</h3>
              <form class="search" action="search.html" method="get">
                <input type="text" name="q" size="18" />
                <input type="submit" value="Go" />
                <input type="hidden" name="check_keywords" value="yes" />
                <input type="hidden" name="area" value="default" />
              </form>
              <p class="searchtip" style="font-size: 90%">
              Enter search terms or a module, class or function name.
              </p>
          </div>
          <script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="genindex.html" title="General Index"
             >index</a></li>
        <li class="right" >
          <a href="modindex.html" title="Global Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="overview_replication.html" title="Replication"
             >next</a> |</li>
        <li class="right" >
          <a href="overview_reaper.html" title="The Account Reaper"
             >previous</a> |</li>
        <li><a href="index.html">Swift v1.0.2 documentation</a> &raquo;</li> 
      </ul>
    </div>
    <div class="footer">
      &copy; Copyright 2010, OpenStack, LLC..
      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 0.6.6.
    </div>
  </body>
</html>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional