Discussion on what Keystone needs for large scale and public cloud providers

Running OpenStack for a public cloud provider is complicated, but keystone provides a lot of unique challenges in this space. While running a large scale private cloud has different requirements, large scale clouds in enterprise environments tend to have similar requirements to those of public clouds. The three endpoints of the service catalog, authentication, and authorization are probably the most used endpoints in a public cloud environment and keystone does not necessarily fit well for these endpoints in large providers. There are also some major functionality concepts which are missing (like delegation and user created access control lists). Some of these may have already been addresses by previous work. In some cases it may just be a lack of documentation and status update in order to move forward. I would like to have a discussion with large cloud providers who do and do not use Keystone to determine a research and development roadmap for Icehouse. The goals of this being:

* Discussion of previous work that may need more effort and/or external project integration (trusts, kent, etc)
* A list of what additional features/technologies Keystone needs to be used by Enterprise deployments
* A list of what additional features/technologies Keystone needs to be used by Public Cloud deployments
* A discussion on what technologies can be better leveraged instead of re-inventing the wheel
* Some discussion of deployment strategies and pain points for large scale use cases