Your SlideShare is downloading. ×
  • Like
What's new in Havana--Keystone
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

What's new in Havana--Keystone

  • 2,393 views
Published

Part of the "What's New in Havana" Webinar, these slides show what's new in Keystone.

Part of the "What's New in Havana" Webinar, these slides show what's new in Keystone.

Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,393
On SlideShare
0
From Embeds
0
Number of Embeds
14

Actions

Shares
Downloads
32
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. What’s New In OpenStack Havana Webcast October 2013
  • 2. OpenStack Identity Service Keystone 36
  • 3. Keystone Role-based Access Control (RBAC) •  More granular policies •  Can be based on aspects of the request such as API request parameters "identity:delete_user": [["role:admin", "domain_id:%(target.user.domain_id)s"]] 37
  • 4. Keystone Role handling •  Assign roles via OAuth 1.0a •  Domain roles can be inherited from project •  Group API 38
  • 5. Keystone Separate projects etc. from authentication •  Projects, roles, etc. follow “assignments” driver •  Users, groups, etc. follow “identity” driver •  Credentials follow “credentials” driver [identity] driver = keystone.identity.backends.ldap.Identity [assignment] driver = keystone.assignment.backends.sql.Assignment 39
  • 6. Keystone Token generation •  Currently PKI or UUID •  Can now be pluggable •  keystone.token.provider.Provider interface can be custom implemented 40
  • 7. Keystone Remote handling of authentication through REMOTE_USER •  Sent by the web server as an environment variable •  Can be disabled (remove "external" from plug-ins list) 41