diff --git a/api/v2.0/identity-api-v2.0-content_compression.rst b/api/v2.0/identity-api-v2.0-content_compression.rst
new file mode 100644
index 00000000..fa196602
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0-content_compression.rst
@@ -0,0 +1,20 @@
+===============================================
+OpenStack Identity API v2.0 Content compression
+===============================================
+
+Request and response body data may be encoded with gzip compression in
+order to accelerate interactive performance of API calls and responses.
+This is controlled using the ``Accept-Encoding`` header on the request
+from the client and indicated by the ``Content-Encoding`` header in the
+server response. Unless the header is explicitly set, encoding defaults
+to disabled.
+
+**Compression headers**
+
+================= ================ =====
+Header type Name Value
+================= ================ =====
+HTTP/1.1 Request Accept-Encoding gzip
+HTTP/1.1 Response Content-Encoding gzip
+================= ================ =====
+
diff --git a/api/v2.0/identity-api-v2.0-extensions.rst b/api/v2.0/identity-api-v2.0-extensions.rst
new file mode 100644
index 00000000..7d412734
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0-extensions.rst
@@ -0,0 +1,236 @@
+======================================
+OpenStack Identity API v2.0 Extensions
+======================================
+
+The OpenStack Identity API is extensible. Extensions serve two purposes:
+They allow the introduction of new features in the API without requiring
+a version change and they allow the introduction of vendor specific
+niche functionality. Applications can programmatically determine what
+extensions are available by performing a **GET** on the /extensions URI.
+Note that this is a versioned request - that is, an extension available
+in one API version might not be available in another.
+
+======= =========== ======================================
+Verb URI Description
+**GET** /extensions Returns a list of available extensions
+======= =========== ======================================
+
+Normal response code(s):200, 203
+
+Error response code(s): badRequest (400), identityFault (500),
+serviceUnavailable(503)
+
+This operation does not require a request body.
+
+Each extension is identified by two unique identifiers, a namespace and
+an alias. Additionally an extension contains documentation links in
+various formats.
+
+**Example: List extensions: XML response**
+
+.. code-block:: xml
+
+
+
+
+
+**Example: List extensions: JSON response**
+
+.. code:: javascript
+
+ {
+ "extensions": {
+ "values": [
+ {
+ "updated": "2013-07-07T12:00:0-00:00",
+ "name": "OpenStack S3 API",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
+ "alias": "s3tokens",
+ "description": "OpenStack S3 API."
+ },
+ {
+ "updated": "2013-07-23T12:00:0-00:00",
+ "name": "OpenStack Keystone Endpoint Filter API",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ep-filter-ext.md",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/OS-EP-FILTER/v1.0",
+ "alias": "OS-EP-FILTER",
+ "description": "OpenStack Keystone Endpoint Filter API."
+ },
+ {
+ "updated": "2013-12-17T12:00:0-00:00",
+ "name": "OpenStack Federation APIs",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/OS-FEDERATION/v1.0",
+ "alias": "OS-FEDERATION",
+ "description": "OpenStack Identity Providers Mechanism."
+ },
+ {
+ "updated": "2013-07-11T17:14:00-00:00",
+ "name": "OpenStack Keystone Admin",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0",
+ "alias": "OS-KSADM",
+ "description": "OpenStack extensions to Keystone v2.0 API enabling Administrative Operations."
+ },
+ {
+ "updated": "2014-01-20T12:00:0-00:00",
+ "name": "OpenStack Simple Certificate API",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/OS-SIMPLE-CERT/v1.0",
+ "alias": "OS-SIMPLE-CERT",
+ "description": "OpenStack simple certificate retrieval extension"
+ },
+ {
+ "updated": "2013-07-07T12:00:0-00:00",
+ "name": "OpenStack EC2 API",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/OS-EC2/v1.0",
+ "alias": "OS-EC2",
+ "description": "OpenStack EC2 Credentials backend."
+ }
+ ]
+ }
+ }
+
+
+Extensions might also be queried individually by their unique alias.
+This provides the simplest method of checking if an extension is
+available as an unavailable extension issues an itemNotFound (404)
+response.
+
+======= ======================= ====================================
+Verb URI Description
+**GET** /extensions/*``alias``* Return details of a single extension
+======= ======================= ====================================
+
+Normal response code(s):200, 203
+
+Error response code(s): itemNotFound (404), badRequest (400),
+identityFault (500), serviceUnavailable(503)
+
+This operation does not require a request body.
+
+**Example: Show extension details: XML response**
+
+.. code-block:: xml
+
+
+
+ Allows associating arbitrary metadata with a
+ user.
+
+
+
+
+
+**Example: Show extension details: JSON response**
+
+.. code:: javascript
+
+ {
+ "extension": {
+ "updated": "2013-07-07T12:00:0-00:00",
+ "name": "OpenStack S3 API",
+ "links": [
+ {
+ "href": "https://github.com/openstack/identity-api",
+ "type": "text/html",
+ "rel": "describedby"
+ }
+ ],
+ "namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
+ "alias": "s3tokens",
+ "description": "OpenStack S3 API."
+ }
+ }
+
+Extensions can define new data types, parameters, actions, headers,
+states, and resources. In XML, additional elements and attributes might
+be defined. These elements must be defined in the extension's namespace.
+In JSON, the alias must be used. Extended headers are always
+prefixed with ``X-`` followed by the alias and a dash:
+(``X-RS-META-HEADER1``). Parameters must be prefixed with the extension
+alias followed by a colon.
+
+.. note::
+
+ Applications should ignore response data that contains extension
+ elements. Also, applications should also verify that an extension is
+ available before submitting an extended request.
+
+**Example: Show user details: XML response**
+
+.. code-block:: xml
+
+
+
+
+ MetaValue1
+ MetaValue2
+
+
+
+**Example: Show user details: JSON response**
+
+.. code:: javascript
+
+ {
+ "user": {
+ "id": "1000",
+ "username": "jqsmith",
+ "email": "john.smith@example.org",
+ "enabled": true,
+ "RS-META:metadata": {
+ "values": {
+ "MetaKey1": "MetaValue1",
+ "MetaKey2": "MetaValue2"
+ }
+ }
+ }
+ }
diff --git a/api/v2.0/identity-api-v2.0-faults.rst b/api/v2.0/identity-api-v2.0-faults.rst
new file mode 100644
index 00000000..36752f87
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0-faults.rst
@@ -0,0 +1,91 @@
+==================================
+OpenStack Identity API v2.0 Faults
+==================================
+
+When an error occurs, the system returns an HTTP error response code
+denoting the type of error. The system also returns additional
+information about the fault in the body of the response.
+
+**Example: Identity fault: XML response**
+
+.. code-block:: xml
+
+
+
+ Fault
+ Error Details...
+
+
+
+**Example: Identity fault: JSON response**
+
+.. code:: javascript
+
+ {
+ "identityFault": {
+ "message": "Fault",
+ "details": "Error Details...",
+ "code": 500
+ }
+ }
+
+
+The response body returns the error code for convenience. The message
+section returns a human readable message. The details section is
+optional and might contain useful information for tracking down an error
+(such as, a stack trace).
+
+The root element of the fault (for example, identityFault) might change
+depending on the type of error. The following is an example of an
+itemNotFound error.
+
+**Example: itemNotFound fault: XML response**
+
+.. code-block:: xml
+
+
+
+ Item not found.
+ Error Details...
+
+
+
+**Example: itemNotFound fault: JSON response**
+
+.. code:: javascript
+
+ {
+ "itemNotFound": {
+ "message": "Item not found.",
+ "details": "Error Details...",
+ "code": 404
+ }
+ }
+
+
+The following table shows the possible fault types with associated error
+codes:
+
+**Table: Fault types**
+
+=================== ===================== ========================
+Fault element Associated error code Expected in all requests
+
+identityFault 500, 400 Yes
+serviceUnavailable 503 Yes
+badRequest 400 Yes
+unauthorized 401 Yes
+overLimit 413 No
+userDisabled 403 No
+forbidden 403 No
+itemNotFound 404 No
+tenantConflict 409 No
+=================== ===================== ========================
+
+
+From an XML schema perspective, all API faults are extensions of the
+base identityFault fault type. When working with a system that binds XML
+to actual classes (such as JAXB), one should be capable of using
+identityFault as a catch-all if there's no interest in distinguishing
+between individual fault types.
diff --git a/api/v2.0/identity-api-v2.0-paginated_collections.rst b/api/v2.0/identity-api-v2.0-paginated_collections.rst
new file mode 100644
index 00000000..1548bea6
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0-paginated_collections.rst
@@ -0,0 +1,214 @@
+=================================================
+OpenStack Identity API v2.0 Paginated collections
+=================================================
+
+To reduce load on the service, list operations return a maximum number
+of items at a time. The maximum number of items returned is determined
+by the Identity provider. To navigate the collection, you can set the
+*``limit``* and *``marker``* parameters in the URI. For example,
+?\ *``limit``*\ =100&\ *``marker``*\ =1234. The *``marker``* parameter
+is the ID of the last item in the previous list. Items are sorted by
+update time. When an update time is not available they are sorted by ID.
+The *``limit``* parameter sets the page size. Both parameters are
+optional. If the client requests a *``limit``* beyond that which is
+supported by the deployment an overLimit (413) fault might be thrown. A
+marker with an invalid ID returns an itemNotFound (404) fault.
+
+.. note::
+
+ Paginated collections never return itemNotFound (404) faults when the
+ collection is empty - clients should expect an empty collection.
+
+For convenience, collections contain atom "next" and "previous" links.
+The first page in the list does not contain a ``previous`` link, the
+last page in the list does not contain a ``next`` link. The following
+examples illustrate three pages in a collection of tenants. The first
+page was retrieved through a **GET** to
+``http://identity.api.openstack.org/v2.0/1234/tenants?limit=1``. In
+these examples, the *``limit``* parameter sets the page size to a single
+item. Subsequent ``next`` and ``previous`` links honor the initial page
+size. Thus, a client might follow links to traverse a paginated
+collection without having to input the *``marker``* parameter.
+
+**Example: Tenant collection, first page: XML response**
+
+.. code-block:: xml
+
+
+
+
+ A description...
+
+
+
+
+
+
+**Example: Tenant collection, first page: JSON response**
+
+.. code:: javascript
+
+ {
+ "tenants": [
+ {
+ "id": "1234",
+ "name": "ACME corp",
+ "description": "A description ...",
+ "enabled": true
+ }
+ ],
+ "tenants_links": [
+ {
+ "rel": "next",
+ "href": "http://identity.api.openstack.org/v2.0/tenants?limit=1&marker=1234"
+ }
+ ]
+ }
+
+
+
+**Example: Tenant collection, second page: XML response**
+
+.. code-block:: xml
+
+
+
+
+ A description...
+
+
+
+
+
+
+
+**Example: Tenant collection, second page: JSON response**
+
+.. code:: javascript
+
+ {
+ "tenants": [
+ {
+ "id": "3645",
+ "name": "Iron Works",
+ "description": "A description ...",
+ "enabled": true
+ }
+ ],
+ "tenants_links": [
+ {
+ "rel": "next",
+ "href": "http://identity.api.openstack.org/v2.0/tenants?limit=1&marker=3645"
+ },
+ {
+ "rel": "previous",
+ "href": "http://identity.api.openstack.org/v2.0/tenants?limit=1"
+ }
+ ]
+ }
+
+
+
+**Example: Tenant collection, last page: XML response**
+
+.. code-block:: xml
+
+
+
+
+ A description...
+
+
+
+
+
+
+**Example: Tenant collection, last page: JSON response**
+
+.. code:: javascript
+
+ {
+ "tenants": [
+ {
+ "id": "9999",
+ "name": "Bigz",
+ "description": "A description ...",
+ "enabled": true
+ }
+ ],
+ "tenants_links": [
+ {
+ "rel": "previous",
+ "href": "http://identity.api.openstack.org/v2.0/tenants?limit=1&marker=1234"
+ }
+ ]
+ }
+
+
+
+In the JSON representation, paginated collections contain a values
+property that contains the items in the collections. Links are accessed
+via the links property. The approach allows for extensibility of both
+the collection members and of the paginated collection itself. It also
+allows collections to be embedded in other objects as illustrated below.
+Here, a subset of groups are presented within a user. Clients must
+follow the "next" link to continue to retrieve additional groups
+belonging to a user.
+
+**Example: Paginated roles in user: XML response**
+
+.. code-block:: xml
+
+
+
+
+
+
+
+
+
+
+
+
+**Example: Paginated roles in user: JSON response**
+
+.. code:: javascript
+
+ {
+ "user": {
+ "OS-ROLE:roles": [
+ {
+ "tenantId": "1234",
+ "id": "Admin"
+ },
+ {
+ "tenantId": "1234",
+ "id": "DBUser"
+ }
+ ],
+ "OS-ROLE:roles_links": [
+ {
+ "rel": "next",
+ "href": "http://identity.api.openstack.org/v2.0/tenants/1234/users/u1000/roles?marker=Super"
+ }
+ ],
+ "id": "u1000",
+ "username": "jqsmith",
+ "email": "john.smith@example.org",
+ "enabled": true
+ }
+ }
diff --git a/api/v2.0/identity-api-v2.0-request_and_response_formats.rst b/api/v2.0/identity-api-v2.0-request_and_response_formats.rst
new file mode 100644
index 00000000..19699440
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0-request_and_response_formats.rst
@@ -0,0 +1,204 @@
+========================================================
+OpenStack Identity API v2.0 Request and response formats
+========================================================
+
+The OpenStack Identity API supports both JSON and XML data serialization
+request and response formats.
+
+Use the ``Content-Type`` request header to specify the request format.
+This header is required for operations that have a request body.
+
+The syntax for the ``Content-Type`` header is:
+
+.. code::
+
+ Content-Type: application/FORMAT
+
+Where *``FORMAT``* is either ``json`` or ``xml``.
+
+Use one of the following methods to specify the response format:
+
+``Accept`` header
+ The syntax for the ``Accept`` header is:
+
+ .. code::
+
+ Accept: application/FORMAT
+
+ Where *``FORMAT``* is either ``json`` or ``xml``. The default format
+ is ``json``.
+
+Query extension
+ Add an ``.xml`` or ``.json`` extension to the request URI. For
+ example, the ``.xml`` extension in the following list servers URI
+ request specifies that the response body is to be returned in XML
+ format:
+
+ .. code::
+
+ GET publicURL/servers.xml
+
+If you do not specify a response format, JSON is the default.
+
+If the ``Accept`` header and the query extension specify conflicting
+formats, the format specified in the query extension takes precedence.
+For example, if the query extension is ``.xml`` and the ``Accept``
+header specifies ``application/json``, the response is returned in XML
+format.
+
+You can serialize a response in a different format from the request
+format. Here are some examples.
+
+**Example: Request with headers: JSON**
+
+.. code::
+
+ POST /v2.0/tokens HTTP/1.1
+ Host: identity.api.openstack.org
+ Content-Type: application/json
+ Accept: application/xml
+
+.. code:: javascript
+
+ {
+ "auth": {
+ "tenantName": "demo",
+ "passwordCredentials": {
+ "username": "demo",
+ "password": "devstack"
+ }
+ }
+ }
+
+
+**Example: Response with headers: XML**
+
+.. code::
+
+ HTTP/1.1 200 OKAY
+ Date: Mon, 12 Nov 2010 15:55:01 GMT
+ Content-Length:
+ Content-Type: application/xml; charset=UTF-8
+
+.. code-block:: xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 7598ac3c634d4c3da4b9126a5f67ca2b
+ f95c0ab82d6045d9805033ee1fbc80d4
+
+
+
diff --git a/api/v2.0/identity-api-v2.0-versions.rst b/api/v2.0/identity-api-v2.0-versions.rst
new file mode 100644
index 00000000..4146f45e
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0-versions.rst
@@ -0,0 +1,364 @@
+====================================
+OpenStack Identity API v2.0 Versions
+====================================
+
+The OpenStack Identity API uses both a URI and a MIME type versioning
+scheme. In the URI scheme, the first element of the path contains the
+target version identifier (for example,
+https://identity.api.openstack.org/ v2.0/). The MIME type versioning
+scheme uses HTTP content negotiation where the ``Accept`` or
+``Content-Type`` headers contains a MIME type that includes the version
+ID as a parameter (application/vnd.openstack.identity+xml;version=1.1).
+A version MIME type is always linked to a base MIME type
+(application/xml or application/json). If conflicting versions are
+specified using both an HTTP header and a URI, the URI takes precedence.
+
+**Example: Request with MIME type versioning**
+
+.. code::
+
+ GET /tenants HTTP/1.1
+ Host: identity.api.openstack.org
+ Accept: application/vnd.openstack.identity+xml;version=1.1
+ X-Auth-Token: eaaafd18-0fed-4b3a-81b4-663c99ec1cbb
+
+
+**Example: Request with URI versioning**
+
+.. code::
+
+ GET /v1.1/tenants HTTP/1.1
+ Host: identity.api.openstack.org
+ Accept: application/xml
+ X-Auth-Token: eaaafd18-0fed-4b3a-81b4-663c99ec1cbb
+
+
+.. note::
+
+ The MIME type versioning approach allows for the creation of permanent
+ links, because the version scheme is not specified in the URI path:
+ ``https://api.identity.openstack.org/tenants/12234``.
+
+If a request is made without a version specified in the URI or through
+HTTP headers, a multiple-choices response (300) provides links and MIME
+types to available versions.
+
+**Example: Multiple choices: XML response**
+
+.. code-block:: xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Example: Multiple choices: JSON response**
+
+.. code:: javascript
+
+ {
+ "choices": [
+ {
+ "id": "v1.0",
+ "status": "DEPRECATED",
+ "links": [
+ {
+ "rel": "self",
+ "href": "http://identity.api.openstack.org/v1.0"
+ }
+ ],
+ "media-types": {
+ "values": [
+ {
+ "base": "application/xml",
+ "type": "application/vnd.openstack.identity+xml;version=1.0"
+ },
+ {
+ "base": "application/json",
+ "type": "application/vnd.openstack.identity+json;version=1.0"
+ }
+ ]
+ }
+ },
+ {
+ "id": "v1.1",
+ "status": "CURRENT",
+ "links": [
+ {
+ "rel": "self",
+ "href": "http://identity.api.openstack.org/v1.1"
+ }
+ ],
+ "media-types": {
+ "values": [
+ {
+ "base": "application/xml",
+ "type": "application/vnd.openstack.identity+xml;version=1.1"
+ },
+ {
+ "base": "application/json",
+ "type": "application/vnd.openstack.identity+json;version=1.1"
+ }
+ ]
+ }
+ },
+ {
+ "id": "v2.0",
+ "status": "BETA",
+ "links": [
+ {
+ "rel": "self",
+ "href": "http://identity.api.openstack.org/v2.0"
+ }
+ ],
+ "media-types": {
+ "values": [
+ {
+ "base": "application/xml",
+ "type": "application/vnd.openstack.identity+xml;version=2.0"
+ },
+ {
+ "base": "application/json",
+ "type": "application/vnd.openstack.identity+json;version=2.0"
+ }
+ ]
+ }
+ }
+ ],
+ "choices_links": ""
+ }
+
+
+New features and functionality that do not break API-compatibility are
+introduced in the current version of the API as extensions (see the
+following section) and the URI and MIME types remain unchanged. Features
+or functionality changes that would necessitate a break in
+API-compatibility require a new version, which results in URI and MIME
+type versions being updated accordingly. When new API versions are
+released, older versions are marked as ``DEPRECATED``. Providers should
+work with developers and partners to ensure adequate migration time to
+the new version before deprecated versions are discontinued.
+
+Your application can programmatically determine available API versions
+by performing a **GET** on the root URL (such as, with the version and
+everything to the right of it truncated) returned from the
+authentication system. Note that an Atom representation of the versions
+resources is supported when issuing a request with the ``Accept`` header
+containing application/atom+xml or by adding a .atom to the request URI.
+This enables standard Atom clients to track version changes.
+
+**Example: List versions: HTTP request**
+
+.. code::
+
+ GET HTTP/1.1
+ Host: identity.api.openstack.org
+
+
+
+Normal response code(s):200, 203
+
+Error response code(s): badRequest (400), identityFault (500),
+serviceUnavailable(503)
+
+This operation does not require a request body.
+
+**Example: List versions: XML response**
+
+.. code-block:: xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Example: List versions: JSON response**
+
+.. code:: javascript
+
+ {
+ "versions": [
+ {
+ "id": "v1.0",
+ "status": "DEPRECATED",
+ "updated": "2009-10-09T11:30:00Z",
+ "links": [
+ {
+ "rel": "self",
+ "href": "http://identity.api.openstack.org/v1.0/"
+ }
+ ]
+ },
+ {
+ "id": "v1.1",
+ "status": "CURRENT",
+ "updated": "2010-12-12T18:30:02.25Z",
+ "links": [
+ {
+ "rel": "self",
+ "href": "http://identity.api.openstack.org/v1.1/"
+ }
+ ]
+ },
+ {
+ "id": "v2.0",
+ "status": "BETA",
+ "updated": "2011-05-27T20:22:02.25Z",
+ "links": [
+ {
+ "rel": "self",
+ "href": "http://identity.api.openstack.org/v2.0/"
+ }
+ ]
+ }
+ ],
+ "versions_links": []
+ }
+
+
+
+You can also obtain additional information about a specific version by
+performing a **GET** on the base version URL (for example,
+https://identity.api.openstack.org/v2.0/). Version request URLs should
+always end with a trailing slash (/). If the slash is omitted, the
+server might respond with a 302 redirection request. Format extensions
+might be placed after the slash (for example,
+https://identity.api.openstack.org/v2.0/.xml). Note that this is a
+special case that does not hold true for other API requests. In general,
+requests such as /tenants.xml and /tenants/.xml are handled
+equivalently.
+
+**Example: Get version details: HTTP request**
+
+.. code::
+
+ GET HTTP/1.1
+ Host: identity.api.openstack.org/v2.0/
+
+
+Normal response code(s):200, 203
+
+Error response code(s): badRequest (400), identityFault (500),
+serviceUnavailable(503)
+
+This operation does not require a request body.
+
+**Example: Get version details: XML response**
+
+.. code-block:: xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+**Example: Get version details: JSON response**
+
+.. code:: javascript
+
+ {
+ "version": {
+ "status": "stable",
+ "updated": "2014-04-17T00:00:00Z",
+ "media-types": [
+ {
+ "base": "application/json",
+ "type": "application/vnd.openstack.identity-v2.0+json"
+ },
+ {
+ "base": "application/xml",
+ "type": "application/vnd.openstack.identity-v2.0+xml"
+ }
+ ],
+ "id": "v2.0",
+ "links": [
+ {
+ "href": "http://23.253.228.211:5000/v2.0/",
+ "rel": "self"
+ },
+ {
+ "href": "http://docs.openstack.org/api/openstack-identity-service/2.0/content/",
+ "type": "text/html",
+ "rel": "describedby"
+ },
+ {
+ "href": "http://docs.openstack.org/api/openstack-identity-service/2.0/identity-dev-guide-2.0.pdf",
+ "type": "application/pdf",
+ "rel": "describedby"
+ }
+ ]
+ }
+ }
+
+
+.. annegentle: Removed paragraph and note about machine readable link and WADL
+ because there's nothing machine readable on docs.openstack.org/api/ after we
+ get these specs here. Need to investigate this -- is it sufficient to
+ redirect:
+ http://docs.openstack.org/api/openstack-identity-service/2.0/content/
+ to
+ http://specs.openstack.org/?
diff --git a/api/v2.0/identity-api-v2.0.rst b/api/v2.0/identity-api-v2.0.rst
new file mode 100644
index 00000000..9a3469aa
--- /dev/null
+++ b/api/v2.0/identity-api-v2.0.rst
@@ -0,0 +1,105 @@
+====================================
+OpenStack Identity API v2.0 overview
+====================================
+
+The OpenStack Identity API is implemented using a RESTful web service
+interface. All requests to authenticate and operate against the
+OpenStack Identity API should be performed using SSL over HTTP (HTTPS)
+on TCP port 443.
+
+OpenStack Identity enables clients to obtain tokens that permit access
+OpenStack cloud services.
+
+Intended audience
+-----------------
+
+This reference is for software developers who develop applications that
+use the Identity API for authentication.
+
+This reference assumes that the reader is familiar with RESTful web
+services, HTTP/1.1, and JSON or XML serialization formats.
+
+Identity concepts
+-----------------
+
+To use OpenStack Identity, you must be familiar with these key concepts:
+
+**User**
+ A digital representation of a person, system, or service that uses
+ OpenStack cloud services. OpenStack Identity authentication services
+ validate that an incoming request is being made by the user who
+ claims to be making the call.
+
+ Users have a login and may be assigned tokens to access resources.
+ Users may be directly assigned to a particular tenant and behave as
+ if they are contained in that tenant.
+
+**Credentials**
+ Data that belongs to, is owned by, and generally only known by a
+ user that the user can present to prove their identity.
+
+ Examples include:
+
+ - A matching username and password
+
+ - A matching username and API key
+
+ - A token that was issued to you
+
+**Authentication**
+ In the context OpenStack Identity, the act of confirming the
+ identity of a user or the truth of a claim. OpenStack Identity
+ confirms that an incoming request is being made by the user who
+ claims to be making the call by validating a set of claims that the
+ user is making.
+
+ These claims are initially in the form of a set of credentials
+ (username & password, or username and API key). After initial
+ confirmation, OpenStack Identity issues the user a token, which the
+ user can then provide to demonstrate that their identity has been
+ authenticated when making subsequent requests.
+
+**Token**
+ An arbitrary bit of text that is used to access resources. Each
+ token has a scope that describes which resources are accessible with
+ it. A token may be revoked at anytime and is valid for a finite
+ duration.
+
+ While OpenStack Identity supports token-based authentication in this
+ release, the intention is for it to support additional protocols in
+ the future. The intent is for it to be an integration service
+ foremost, and not aspire to be a full-fledged identity store and
+ management solution.
+
+**Tenant**
+ A container used to group or isolate resources and/or identity
+ objects. Depending on the service operator, a tenant can map to a
+ customer, account, organization, or project.
+
+**Service**
+ An OpenStack service, such as Compute (Nova), Object Storage
+ (Swift), or Image Service (Glance). A service provides one or more
+ endpoints through which users can access resources and perform
+ operations.
+
+**Endpoint**
+ A network-accessible address, usually described by a URL, where a
+ service may be accessed. If using an extension for templates, you
+ can create an endpoint template, which represents the templates of
+ all the consumable services that are available across the regions.
+
+**Role**
+ A personality that a user assumes when performing a specific set of
+ operations. A role includes a set of rights and privileges. A user
+ assuming that role inherits those rights and privileges.
+
+ In OpenStack Identity, a token that is issued to a user includes the
+ list of roles that user can assume. Services that are being called
+ by that user determine how they interpret the set of roles a user
+ has and to which operations or resources each role grants access.
+
+ It is up to individual services such as the Compute service and
+ Image service to assign meaning to these roles. As far as the
+ Identity service is concerned, a role is an arbitrary name assigned
+ by the user.
+
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 70d7f0d0..fe051c55 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -10,18 +10,16 @@ Identity v3 API
api/v3/*
-.. NOTE(dhellmann): Uncomment this section after there is at least one
- non-template spec for keystoneclient.
- =================
- Identity v2.0 API
- =================
+=================
+Identity v2.0 API
+=================
- .. toctree::
- :glob:
- :maxdepth: 1
+.. toctree::
+ :glob:
+ :maxdepth: 1
- api/v2.0/*
+ api/v2.0/*
================================