Difference between keystone v3.0 and v2.0

asked 2015-02-01 01:21:06 -0600

Veena gravatar image

Hi, What is the major difference between keystone v3.0 and v2.0? Am building a new NFVO application on top of OpenStack, which version of keystone I should use for authentication purpose? What will be the difference in design and implementation for both versions? I read from some posts that v2.0 will be deprecated in future release. If so, will all other services support v3.0? Will there be any code change in other services like nova to support keystone v3.0?

Please share your thoughts.



edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-02-01 16:07:31 -0600

updated 2015-02-01 16:07:47 -0600

Both apis are fully documented:



For authentication you can use any version you want.

V3 has support for Domains which V2 doesnt. https://wiki.openstack.org/wiki/Domains

If you are using the keystone cli client then there should be no changes in api needed. Plus v2 apis are a subset of v3 apis so everything should work without requiring any changes to your api.

edit flag offensive delete link more


Thanks sfcloudman for the info. Are there any new auth protocols implemented or concerns on the performance of security provided in v3.0?

Veena gravatar imageVeena ( 2015-02-01 23:16:09 -0600 )edit

Auth protocols are pluggable in keystone so they are independent of the api version.

Here is a great link for developers that talks about the difference between v2 and v3. http://docs.openstack.org/developer/k...

Ultimately v3 is a superset of v2 so you should have no concerns.

sfcloudman gravatar imagesfcloudman ( 2015-02-02 00:01:47 -0600 )edit

Thanks for the suggestions sfcloudman, it helped me.

Veena gravatar imageVeena ( 2015-02-02 00:25:31 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-02-01 01:21:06 -0600

Seen: 1,246 times

Last updated: Feb 01 '15