PKI Support for Authentication and Delegation
Registered by
Adam Young
Thus, this blueprint describes an overall PKI approach for securing an OpenStack deployment. Authentication in OpenStack is a two part mechanism. The first stage is when the user makes the initial authentication to Keystone, which results in the issue of a token. The second is the use of the token to provide single sign on and delegated authentication throughout the OpenStack cluster. PKI can improve the security of the first stage. It can both help security and scalability of the second.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- Adam Young
- Direction:
- Approved
- Assignee:
- Adam Young
- Definition:
- Approved
- Series goal:
- Accepted for folsom
- Implementation:
- Implemented
- Milestone target:
- 2012.2
- Started by
- Joseph Heck
- Completed by
- Thierry Carrez
Related branches
Related bugs
Sprints
Whiteboard
Significant notes originally in bug: https:/
(?)