Ask Your Question
0

Difference between keystone v3.0 and v2.0

asked 2015-02-01 01:21:06 -0500

Veena gravatar image

Hi, What is the major difference between keystone v3.0 and v2.0? Am building a new NFVO application on top of OpenStack, which version of keystone I should use for authentication purpose? What will be the difference in design and implementation for both versions? I read from some posts that v2.0 will be deprecated in future release. If so, will all other services support v3.0? Will there be any code change in other services like nova to support keystone v3.0?

Please share your thoughts.

Thanks,

-Veena

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-02-01 16:07:31 -0500

sfcloudman gravatar image

updated 2015-02-01 16:07:47 -0500

Both apis are fully documented:

http://developer.openstack.org/api-re...

http://developer.openstack.org/api-re...

For authentication you can use any version you want.

V3 has support for Domains which V2 doesnt. https://wiki.openstack.org/wiki/Domains

If you are using the keystone cli client then there should be no changes in api needed. Plus v2 apis are a subset of v3 apis so everything should work without requiring any changes to your api.

edit flag offensive delete link more

Comments

Thanks sfcloudman for the info. Are there any new auth protocols implemented or concerns on the performance of security provided in v3.0?

Veena gravatar imageVeena ( 2015-02-01 23:16:09 -0500 )edit

Auth protocols are pluggable in keystone so they are independent of the api version.

Here is a great link for developers that talks about the difference between v2 and v3. http://docs.openstack.org/developer/k...

Ultimately v3 is a superset of v2 so you should have no concerns.

sfcloudman gravatar imagesfcloudman ( 2015-02-02 00:01:47 -0500 )edit

Thanks for the suggestions sfcloudman, it helped me.

Veena gravatar imageVeena ( 2015-02-02 00:25:31 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-02-01 01:21:06 -0500

Seen: 1,093 times

Last updated: Feb 01 '15

Related questions

radius integration with openstack

OS_SERVICE_ENDPOINT vs OS_AUTH_URL [closed]

No module named simple

Openstack security group rules implemented ?

Keystone: Unable to establish connection

moving keystone to another server

keystoneclient.auth.identity.generic.base Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.

Keystone V3 in Kilo

show user with role ?

keystone cannot use the command curl