OpenStack Identity (keystone)

PKI Support for Authentication and Delegation

Registered by Adam Young on 2012-03-14

Thus, this blueprint describes an overall PKI approach for securing an OpenStack deployment. Authentication in OpenStack is a two part mechanism. The first stage is when the user makes the initial authentication to Keystone, which results in the issue of a token. The second is the use of the token to provide single sign on and delegated authentication throughout the OpenStack cluster. PKI can improve the security of the first stage. It can both help security and scalability of the second.

Read the full specification

Blueprint information

Status:: Complete

Approver:: None

Priority:: High

Drafter:: Adam Young

Direction:: Approved

Assignee:: Adam Young

Definition:: Approved

Series goal:: Accepted for folsom

Implementation:: Implemented

Milestone target:: 2012.2

Started by: Joseph Heck on 2012-07-10

Completed by: Thierry Carrez on 2012-08-21

Related branches

Related bugs

Sprints

Whiteboard

Significant notes originally in bug: https://bugs.launchpad.net/keystone/+bug/928047

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Alvaro Lopez

Andy Edmonds

Björn Hagemeier

Drew

groser

Guang Yee

Jose Castro Leon

Michal Balinski

Mohammad

Nathanael Burton

NetApp

Ralf Haferkamp

Yaguang Tang

yong sheng gong