PKI Support for Authentication and Delegation

Registered by Adam Young on 2012-03-14

This blueprint describes an overall PKI approach for securing an OpenStack deployment. Authentication in OpenStack is a two-part mechanism. The first stage is the user's initial authentication to Keystone, which results in the issuance of a token. The second is the use of that token to provide single sign-on and delegated authentication throughout the OpenStack cluster. PKI can improve the security of the first stage, and it can improve both the security and the scalability of the second.

Blueprint information

Status: Complete
Approver: None
Priority: High
Drafter: Adam Young
Direction: Approved
Assignee: Adam Young
Definition: Approved
Series goal: Accepted for folsom
Implementation: Implemented
Milestone target: 2012.2
Started by: Joseph Heck on 2012-07-10
Completed by: Thierry Carrez on 2012-08-21

Related branches

Sprints

Whiteboard

Significant notes originally in bug: https://bugs.launchpad.net/keystone/+bug/928047

Work Items