From 035070e88f8ccdda41d49495b053d5320f5fce70 Mon Sep 17 00:00:00 2001
From: Steve Martinelli <stevemar@ca.ibm.com>
Date: Tue, 18 Feb 2014 17:41:32 -0600
Subject: [PATCH] Add support to list projects and domains for federated users.

Add support to allow federated users to query what projects and
domains they have access to, based on groups.

blueprint saml-id

Change-Id: Ie44bb01a837c30fdc7ea3ded81ca5b0015906dcf
---
 .../identity-api-v3-os-federation-ext.md      | 72 +++++++++++++++++++
 1 file changed, 72 insertions(+)

diff --git a/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md b/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md
index 06fea59..b7a147b 100644
--- a/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md
+++ b/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md
@@ -561,6 +561,78 @@ Response:
 
     Status: 204 No Content
 
+Listing projects and domains
+----------------------------
+
+### List projects a federated user can access: `GET /OS-FEDERATION/projects`
+
+Returns a collection of projects to which the federated user has authorization
+to access. To access this resource, an unscoped token is used, the user can
+then select a project and request a scoped token. Note that only enabled
+projects will be returned.
+
+Response:
+
+    Status: 200 OK
+
+   {
+        "projects": [
+            {
+                "domain_id": "37ef61",
+                "enabled": true,
+                "id": "12d706",
+                "links": {
+                    "self": "http://identity:35357/v3/projects/12d706"
+                },
+                "name": "a project name"
+            },
+            {
+                "domain_id": "37ef61",
+                "enabled": true,
+                "id": "9ca0eb",
+                "links": {
+                    "self": "http://identity:35357/v3/projects/9ca0eb"
+                },
+                "name": "another project"
+            }
+        ],
+        "links": {
+            "self": "http://identity:35357/v3/OS-FEDERATION/projects",
+            "previous": null,
+            "next": null
+        }
+    }
+
+### List domains a federated user can access: `GET /OS-FEDERATION/domains`
+
+Returns a collection of domains to which the federated user has authorization
+to access. To access this resource, an unscoped token is used, the user can
+then select a domain and request a scoped token. Note that only enabled
+domains will be returned.
+
+Response:
+
+    Status: 200 OK
+
+    {
+        "domains": [
+            {
+                "description": "desc of domain",
+                "enabled": true,
+                "id": "37ef61",
+                "links": {
+                    "self": "http://identity:35357/v3/domains/37ef61"
+                },
+                "name": "my domain"
+            }
+        ],
+        "links": {
+            "self": "http://identity:35357/v3/OS-FEDERATION/domains",
+            "previous": null,
+            "next": null
+        }
+    }
+
 Example Mapping Rules
 ---------------------