In process of creating separate backend, I found out several obstacles that I believe should be removed. One of them is RoleRefs. As I suggest, there should no such thing at all. At least they should be isolated in sql backend which implements relation between tenants, roles and users through separate table with four columns. It should be cleaner to show this dependancy to user in our REST interface /tenants/tenant_id/roles/role_id/users/user_id and pass to backend just this id-triplet. If someone wants to GET all roles in all tenants that the user has, there can be url like users/user_id/roles for this. But data manipulation should not be done through users collection. The basic idea is to clearly represent collections and items in this collections in REST interface and server logic.
Kind regards, Yuriy.
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
