vmware driver support for VMware SSO

Registered by Shawn Hartsock on 2013-08-08

This is part of the overall discussion of security authN/authZ strategies cataloged here:
     https://etherpad.openstack.org/p/vmware_security_strategy

The current driver stores usernames and passwords in plain text. The VMware vSphere and vCenter products have their own SSO system. At the driver level, we should allow a customer to optionally configure the SSO keys and tokens so that they do not have to store the password in plain text on their nova-compute node.

Areas to consider:
* keystone integration with AD plus vCenter integration with AD may solve some user-related issues
* keystone integration with vCenter SSO?
* vCenter SSO integration with Keystone?
* can we use long-running Holder-of-Key (HoK) tokens or other non-password-based tokens for authentication?

This may be important to implementing the feature:
https://wiki.openstack.org/wiki/Keystone/Federation/Blueprint#Mode_of_Operation_with_Holder_of_Key_Verification

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Shawn Hartsock
Direction: Needs approval
Assignee: None
Definition: Drafting
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

NOTE: Collaboration and coordination with:

* https://wiki.openstack.org/wiki/Keystone/Federation/Blueprint and
* https://blueprints.launchpad.net/keystone/+spec/federation

It seems like this is still in the design phase. It's not clear what the proposed work is for Nova, so it's premature to approve it for now. Please change the status to "Pending Approval" when you feel it's ready for blueprint review, though. --russellb

Marking this blueprint as definition: Drafting. If you are still working on this, please re-submit via nova-specs. If not, please mark as obsolete, and add a quick comment to describe why. --johnthetubaguy (20th April 2014)
