OpenStack Identity (Keystone)

Blueprint assignments for “Keystone”

This listing shows the assignment of work for blueprints currently associated with Keystone. The drafter is responsible for getting the specification correctly written up and approved. The approver is usually the person who would sign off on the specification.

1120 of 120 specifications
Priority Name Definition Delivery Assignee Drafter Approver
4 High Ensure an entity ID allows routing of API call to correct backend 4 Discussion 8 Beta Available Henry Nash Henry Nash
4 High Hierarchical Multitenancy 5 New 1 Not started Dolph Mathews
3 Medium A Key Distribution Server that release tickets to be used for RPC Messaging Security 0 Approved 9 Needs Code Review Jamie Lennox Simo Sorce Adam Young
3 Medium Allow clients to track requests through strings in headers 0 Approved 1 Not started Joseph Heck Joseph Heck
3 Medium Collapse of SQL Migrations to 2 cycles 0 Approved 9 Needs Code Review Morgan Fainberg Morgan Fainberg
3 Medium Keystone rate limiting 3 Drafting 8 Beta Available Rafael Durán Castañeda
3 Medium Providing temporary access to objects 3 Drafting 1 Not started Guang Yee Guang Yee
3 Medium Access Key Authentication 4 Discussion 1 Not started Fabio Giannetti Guang Yee
3 Medium Use Certmonger to manage the certificates for Keystone 4 Discussion 0 Unknown Adam Young
3 Medium Publish JSON Schemas for requests 4 Discussion 1 Not started
3 Medium Extend notifications to catalog (services and endpoints) 5 New 1 Not started Fabio Giannetti Fabio Giannetti
3 Medium Make role-assignment a first class entity 5 New 1 Not started Henry Nash Henry Nash
3 Medium Rationalize our SQL/LDAP backend testing 5 New 1 Not started Henry Nash Henry Nash
3 Medium Use common code from Oslo for work with database 5 New 7 Good progress Ilya Pekelny Victor Sergeyev
2 Low Deprecated Functionality (Juno Edition) 0 Approved 1 Not started Keystone Drivers Morgan Fainberg Keystone Drivers
2 Low Document backend implementation 0 Approved 5 Started Joseph Heck Joseph Heck Joseph Heck
2 Low Classes, Methods, etc Removed as of the Juno Release 0 Approved 5 Started Keystone Drivers Morgan Fainberg Morgan Fainberg
2 Low Distributed signing of Keystone Tokens 3 Drafting 1 Not started Adam Young Adam Young Joseph Heck
2 Low Provide a DNS backend to the Service Catalog 3 Drafting 1 Not started Adam Young
2 Low Allow additional data to be requested for API GET calls to minimise N+1 performance problem 3 Drafting 1 Not started Henry Nash Henry Nash
2 Low Inadequate Account Lockout in Keystone 3 Drafting 1 Not started
2 Low User password expiration support 3 Drafting 1 Not started Ilya Kharin Oleg S. Gelbukh
2 Low Encrypt OAuth access keys 4 Discussion 0 Unknown Dolph Mathews Dolph Mathews
2 Low Add validation logic for User creation 5 New 0 Unknown Joseph Heck
2 Low Periodically flush the expired tokens 5 New 9 Needs Code Review Thomas Bechtold
2 Low Remove s3token from keystone and move it to swift3 5 New 0 Unknown
2 Low Reserve database migrations for stable/icehouse backports 5 New 7 Good progress Dolph Mathews
2 Low runtest.sh should have a parameter "--debug" for debuging test case 5 New 0 Unknown Adam Young Adam Young Adam Young
2 Low Service relationships 5 New 0 Unknown Joe Savak
2 Low PAM for SQL Identity 5 New 0 Unknown Ken Thomas
1 Undefined Basic-Auth 1 Pending Approval 0 Unknown Adam Young Adam Young
1 Undefined Extend pagination into the identity backends wherever possible to improve scaling and performance 2 Review 9 Needs Code Review Henry Nash Henry Nash
1 Undefined Bulk operations for keystone 3 Drafting 0 Unknown Joshua Harlow
1 Undefined OpenID connect as A Federated IdP protocol 3 Drafting 0 Unknown
1 Undefined Service-scoped tokens and role assignments 3 Drafting 1 Not started Arvind Tiwari Arvind Tiwari
1 Undefined Authentication, Authorization and Domain Archiecture 4 Discussion 0 Unknown Henry Nash
1 Undefined capture keystone performance benchmarks 4 Discussion 1 Not started Joseph Heck Joseph Heck Joseph Heck
1 Undefined Allow a token to be scoped to many projects in the v3 spec 4 Discussion 1 Not started Joe Savak Joseph Heck
1 Undefined Issue identity scoped (unscoped) token if default project is invalid 4 Discussion 1 Not started Guang Yee
1 Undefined ABFAB Support for Federated Identity 5 New 0 Unknown Vincent Giersch Adam Young
1 Undefined Handling ACLs that use UserIDs in Federated Keystone 5 New 8 Beta Available Kristy Siu David Chadwick
1 Undefined Add CRUD operations in the openstackclient 5 New 0 Unknown Marek Denis Marek Denis
1 Undefined Convert SQL migrations to use Alembic 5 New 1 Not started Adam Young Adam Young
1 Undefined Permit NSS as alternative crypto provider 5 New 0 Unknown John Dennis
1 Undefined Allow SQL backends to have their own databases 5 New 0 Unknown Morgan Fainberg
1 Undefined Api Based Layout 5 New 0 Unknown Jamie Lennox Jamie Lennox
1 Undefined Attribute access privilege based on role 5 New 0 Unknown Arvind Tiwari
1 Undefined Attribute Based Access Control Model 5 New 0 Unknown UTSA-ICS Xin Jin
1 Undefined Custom Auth plugin for openID Connect 5 New 0 Unknown Steve Martinelli Steve Martinelli
1 Undefined Client SSL certificate authorization 5 New 0 Unknown
1 Undefined Support Compression of the PKI token 5 New 0 Unknown Adam Young Adam Young
1 Undefined Create a unified request identifier 5 New 0 Unknown Tiago Rodrigues de Mello Tiago Rodrigues de Mello
1 Undefined Work plans for establishing sets of delgations 5 New 0 Unknown Adam Young Adam Young
1 Undefined Deprecate pki_setup and ssl_setup 5 New 0 Unknown Adam Young
1 Undefined Discoverable and Hierarchical Catalog 5 New 0 Unknown Fabio Giannetti
1 Undefined Document v2 to v3 API migration strategy 5 New 0 Unknown Dolph Mathews
1 Undefined Domain-Level Trusts 5 New 0 Unknown Bo Tang
1 Undefined Dynamic filter discovery on REST API 5 New 0 Unknown Arvind Tiwari Arvind Tiwari
1 Undefined generate ec2 keypairs from tokens 5 New 7 Good progress Matthieu Huin
1 Undefined Client preferences for encryption algorithm and key sizes should be specifiable 5 New 0 Unknown Malini Bhandaru
1 Undefined endpoint-scoped-tokens 5 New 0 Unknown Arvind Tiwari Arvind Tiwari
1 Undefined Ephemeral PKI tokens 5 New 7 Good progress Morgan Fainberg
1 Undefined Expand the caching layer in keystone 5 New 1 Not started Morgan Fainberg Morgan Fainberg
1 Undefined External authentication plugins 5 New 0 Unknown Brant Knudson
1 Undefined Allow a subset of tests to fail 5 New 0 Unknown David Stanek Adam Young
1 Undefined Filter endpoints by region 5 New 0 Unknown
1 Undefined filter users by projects using keystone v3 5 New 7 Good progress Raildo Mascena de Sousa Filho Raildo Mascena de Sousa Filho
1 Undefined Fine-Grained Access Control 5 New 4 Blocked
1 Undefined Generic Signature Validation 5 New 5 Started Nachiappan Nachiappan
1 Undefined Hierarchical administrative boundary 5 New 0 Unknown Arvind Tiwari
1 Undefined Add new v3 resource to provide for Kerberos authentication 5 New 0 Unknown Rob Crittenden Rob Crittenden
1 Undefined Pecan in Keystone 5 New 0 Unknown Jamie Lennox
1 Undefined Python 3 compatibility 5 New 7 Good progress ChangBo Guo(gcb) ChangBo Guo(gcb)
1 Undefined Move functional tests into their own repository 5 New 0 Unknown Adam Young
1 Undefined Keystone token reuse 5 New 0 Unknown Matthew J Black
1 Undefined Use object creation templates for creation of users, tenants, etc. 5 New 0 Unknown
1 Undefined Support for LDAP posixGroups with the 'user_member_attribute' setting 5 New 0 Unknown Brandon Miles Brandon Miles
1 Undefined V3 APIs in LDAP assignment backend 5 New 0 Unknown Adam Young
1 Undefined Add timestamp to User, Project, etc. models 5 New 0 Unknown Gabriel Hurley
1 Undefined Add more code style automation 5 New 0 Unknown David Stanek David Stanek
1 Undefined Create multi-attribute based endpoint groups for projects and user assignments 5 New 0 Unknown Fabio Giannetti Fabio Giannetti
1 Undefined Using OAuth and/or OpenID Connect for Federated Access to OpenStack/Keystone 5 New 0 Unknown David Chadwick
1 Undefined Re-introduce pagination 5 New 0 Unknown
1 Undefined PAM authentication pluging 5 New 0 Unknown DiegoWoitasen DiegoWoitasen
1 Undefined Password Rotation and Credential Lifecycle 5 New 7 Good progress David Stanek Fabio Giannetti
1 Undefined periodically flush expired token 5 New 1 Not started yong sheng gong yong sheng gong
1 Undefined Convert Token Provider into Pipeline 5 New 0 Unknown Adam Young
1 Undefined Allow prefixes other than 'identity:' for policy.json 5 New 0 Unknown Morgan Fainberg
1 Undefined Associate and Select policy for endpoint 5 New 0 Unknown Adam Young
1 Undefined Restrictions on User-Role Assignment 5 New 0 Unknown Xin Jin Xin Jin
1 Undefined Identity API resources to get lists of users or groups with certain role in project or domain 5 New 0 Unknown Alexander Pugachev Alexander Pugachev Dolph Mathews
1 Undefined Scope access to Credentials by Project 5 New 0 Unknown Adam Young
1 Undefined Get Keystone Running in Python 3 5 New 0 Unknown David Stanek David Stanek
1 Undefined Restructure Tests 5 New 0 Unknown David Stanek David Stanek
1 Undefined Revokcation vents using integers, not UUIDs 5 New 0 Unknown Adam Young
1 Undefined Re-order terms in role assignment API URLs 5 New 0 Unknown Henry Nash Henry Nash
1 Undefined A Role Mapping Service for the Keystone Identity Server 5 New 8 Beta Available Kristy Siu
1 Undefined SAML Logout Keystone Token Revocation Support 5 New 0 Unknown Brad Topol Dolph Mathews
1 Undefined Puppet module to secure an OpenStack installation with SSL 5 New 0 Unknown Rob Crittenden Rob Crittenden
1 Undefined Enable response data segmentation for UI clients 5 New 0 Unknown Fabio Giannetti Fabio Giannetti
1 Undefined Service Isolation and Roles Delegation 5 New 0 Unknown
1 Undefined service metadata 5 New 0 Unknown
1 Undefined Service_id binding with role definition 5 New 0 Unknown Arvind Tiwari Arvind Tiwari
1 Undefined Use BINARY(16) for ID columns in SQL backends 5 New 1 Not started Dolph Mathews
1 Undefined SSSD Identity Backend 5 New 0 Unknown Adam Young Adam Young
1 Undefined Require/enforce strong admin/users passwords in built-in Identity Service 5 New 0 Unknown Cristian Fiorentino Cristian Fiorentino
1 Undefined Temporary User Creation in Federated Keystone 5 New 8 Beta Available Kristy Siu David Chadwick
1 Undefined Adding temporary user provisioning to Keystone 5 New 0 Unknown Kristy Siu David Chadwick
1 Undefined Tenant start and end dates 5 New 0 Unknown Cristian A Sanchez
1 Undefined quotas on number of users and projects per domain 5 New 0 Unknown
1 Undefined Token issuance should be a pipeline 5 New 1 Not started
1 Undefined Store the token HASH in Secure Cookie for HTML clients 5 New 0 Unknown Adam Young
1 Undefined Unit Tests Running Against A Real RDBMS 5 New 0 Unknown David Stanek
1 Undefined Update Default Policy for Keystone 5 New 0 Unknown Adam Young
1 Undefined Update the Default Policy to the rules in the cloud sample 5 New 1 Not started Adam Young
1 Undefined Keystone should use keystoneclient authtoken middleware 5 New 0 Unknown Jamie Lennox
1 Undefined Managing Virtual Organisations in Keystone 5 New 0 Unknown Kristy Siu David Chadwick
0 Not Effiecintly Check Token against revocation list 1 Pending Approval 0 Unknown Adam Young Adam Young
0 Not Keystone should respond to Web Browser with HTML 5 New 0 Unknown Adam Young Adam Young
0 Not Revert multiple-ldap-servers 5 New 1 Not started Dolph Mathews
1120 of 120 specifications