A token is an arbitrary bit of text that is used to access resources. Each token has a scope which describes which resources are accessible with it. A token may be revoked at any time and is valid for a finite duration.

While Keystone supports token-based authentication in this release, the intention is for it to support additional protocols in the future. The desire is for it to be an integration service, and not a full-fledged identity store and management solution.

The service catalog lists the services you have access to.

We optimized for future flexibility around the hierarchy, so we left the design as a flat list of endpoints with attributes, which the consumer can categorize as needed. This results in potential duplication (such as with the version/@list), but we accept that normalization cost in order not to force an artificial hierarchy (such as on region, which can be optional).

A list of services.

A list of endpoints.

The OpenStack-registered type (e.g. 'compute', 'object-store', etc).

The commercial service name (e.g. 'My Nova Cloud Servers').

The name of the region where the endpoint lives. Example: airport codes, such as LHR (UK) or STL (Saint Louis).

The publicly accessible service URL.

A service URL, accessible only locally within that cloud (generally over a high bandwidth, low latency, free of charge link).

An Admin URL (used for administration using privileged calls). This may expose additional functionality not found in the public and internal URL.

An extensible service type allows all of the strings defined in ServiceType or an alias prefixed status.

The type for an OpenStack Compute API 1.1 compatible service.

The type for a Swift-compatible service.

The type for a Glance-compatible service.

The type for a Keystone-compatible service.

A non-core service type which must contain an extension prefix.
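The flat endpoint list and the service-type rules described above can be consumed as in the following added example, which is not Keystone's own code. It groups a constructed catalog by type and optional region, rejects types that are neither core nor prefixed, and selects a URL without ever falling back to the admin URL. The attribute names (`type`, `name`, `region`, `publicURL`, `internalURL`, `adminURL`), the `image` and `identity` type strings, and the `prefix:name` shape for extension types are assumptions.

```python
import re
from collections import defaultdict

# Core types: 'compute' and 'object-store' are named on the page; 'image' and
# 'identity' are assumed here for the Glance and Keystone types.
CORE_TYPES = {"compute", "object-store", "image", "identity"}
# Assumed shape of a non-core type: "<extension-prefix>:<name>".
EXTENSION_TYPE = re.compile(r"^[\w-]+:[\w-]+$")

# Constructed sample catalog: a flat list of endpoints with attributes.
SAMPLE_ENDPOINTS = [
    {"type": "compute", "name": "My Nova Cloud Servers", "region": "LHR",
     "publicURL": "https://compute.lhr.example.test/v1.1",
     "internalURL": "https://compute.lhr.internal.example.test/v1.1",
     "adminURL": "https://compute-admin.lhr.example.test/v1.1"},
    {"type": "compute", "name": "My Nova Cloud Servers", "region": "STL",
     "publicURL": "https://compute.stl.example.test/v1.1"},
    {"type": "object-store", "name": "Files",  # no region: it is optional
     "publicURL": "https://files.example.test/v1"},
    {"type": "EXT-billing:usage", "name": "Usage", "region": "LHR",
     "publicURL": "https://usage.lhr.example.test/v1"},
    {"type": "billing", "name": "Bad", "publicURL": "https://bad.example.test"},
]

def valid_type(service_type):
    return service_type in CORE_TYPES or bool(EXTENSION_TYPE.match(service_type))

def index_catalog(endpoints):
    """Group the flat list by (type, region); return (index, rejected)."""
    index, rejected = defaultdict(list), []
    for ep in endpoints:
        if valid_type(ep.get("type", "")):
            index[(ep["type"], ep.get("region"))].append(ep)
        else:
            rejected.append(ep)  # non-core type without an extension prefix
    return dict(index), rejected

def select_url(index, service_type, region=None, interface="publicURL"):
    """Return the URL for exactly the requested interface, or None.
    There is no fallback, so a missing public or internal URL never
    resolves to the privileged adminURL."""
    if interface not in ("publicURL", "internalURL", "adminURL"):
        raise ValueError("unknown interface: %s" % interface)
    for ep in index.get((service_type, region), []):
        if ep.get(interface):
            return ep[interface]
    return None
```

Callers that need privileged calls must request `adminURL` explicitly, which keeps that choice visible in code review.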