A Key Distribution Server that releases tickets to be used for RPC Messaging Security

Registered by Simo Sorce

MessageSecurity requires a central repository to register service identities, manage groups of services and store shared keys, as well as provide a ticketing system to allow secure communication between parties (signing and optionally encryption services).
The Key Distribution Server manages the ticketing system and stores shared keys between the Server itself and the registered services. It may also store temporary group keys.

This server is necessary for the implementation of https://wiki.openstack.org/wiki/MessageSecurity

After https://review.openstack.org/#/c/77701/ this work is being continued in a feature branch:

  https://github.com/openstack/keystone/tree/feature/key-dist

Blueprint information

Status: Complete
Approver: Adam Young
Priority: Undefined
Drafter: Simo Sorce
Direction: Needs approval
Assignee: Jamie Lennox
Definition: Obsolete
Series goal: None
Implementation: Needs Code Review
Milestone target: None
Started by: Thierry Carrez
Completed by: Morgan Fainberg

Whiteboard

This is not a Keystone project/spec. Marking as obsolete.

API spec review: https://review.openstack.org/40692

Gerrit topic: https://review.openstack.org/#q,topic:bp/key-distribution-server,n,z

Addressed by: https://review.openstack.org/36674 (merged)
    Add crypto dependency

Addressed by: https://review.openstack.org/36675 (merged)
    Sync-up crypto from oslo-incubator

Addressed by: https://review.openstack.org/37118 (abandoned)
    Initial KDS service

Addressed by: https://review.openstack.org/37119 (abandoned)
    Add group key support

Gerrit topic: https://review.openstack.org/#q,topic:kds-multi-repo,n,z

Addressed by: https://review.openstack.org/39350 (abandoned)
    Initial KDS service

Addressed by: https://review.openstack.org/42774 (abandoned)
    Add support to delete keys and groups

Addressed by: https://review.openstack.org/58124 (draft)
    Initial KDS service

Addressed by: https://review.openstack.org/59600 (merged)
    Sync From OSLO

Addressed by: https://review.openstack.org/59601 (merged)
    Introduce basic Pecan/WSME framework for KDS

Addressed by: https://review.openstack.org/59602 (merged)
    Introduce database functionality into KDS

Addressed by: https://review.openstack.org/59603
    Add cryptographic key storage

Addressed by: https://review.openstack.org/59604
    Add ticket handling to KDS

Addressed by: https://review.openstack.org/59605 (abandoned)
    Add group support to KDS

Addressed by: https://review.openstack.org/59631 (abandoned)
    Update from Global Requirements

Addressed by: https://review.openstack.org/67996 (merged)
    Move KDS paths file

Addressed by: https://review.openstack.org/70902
    Add version routes to KDS


This blueprint contains Public information 
Everyone can see this information.