What's new in Havana--Keystone
Upcoming SlideShare
Loading in...5
×
 

What's new in Havana--Keystone

on

  • 2,667 views

Part of the "What's New in Havana" Webinar, these slides show what's new in Keystone.

Part of the "What's New in Havana" Webinar, these slides show what's new in Keystone.

Statistics

Views

Total Views
2,667
Views on SlideShare
1,166
Embed Views
1,501

Actions

Likes
2
Downloads
31
Comments
0

11 Embeds 1,501

http://www.mirantis.com 1415
http://cloud.feedly.com 30
https://www.mirantis.com 28
http://feedly.com 12
http://www.newsblur.com 6
http://xianguo.com 3
http://ha.mirantis.com 3
http://digg.com 1
http://www.feedreader.com 1
http://staging.mirantis.com 1
http://www.tuicool.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

What's new in Havana--Keystone Presentation Transcript

  • 1. What’s New In OpenStack Havana Webcast October 2013
  • 2. OpenStack Identity Service Keystone 36
  • 3. Keystone Role-based Access Control (RBAC) •  More granular policies •  Can be based on aspects of the request such as API request parameters "identity:delete_user": [["role:admin", "domain_id:%(target.user.domain_id)s"]] 37
  • 4. Keystone Role handling •  Assign roles via OAuth 1.0a •  Domain roles can be inherited from project •  Group API 38
  • 5. Keystone Separate projects etc. from authentication •  Projects, roles, etc. follow “assignments” driver •  Users, groups, etc. follow “identity” driver •  Credentials follow “credentials” driver [identity] driver = keystone.identity.backends.ldap.Identity [assignment] driver = keystone.assignment.backends.sql.Assignment 39
  • 6. Keystone Token generation •  Currently PKI or UUID •  Can now be pluggable •  keystone.token.provider.Provider interface can be custom implemented 40
  • 7. Keystone Remote handling of authentication through REMOTE_USER •  Sent by the web server as an environment variable •  Can be disabled (remove "external" from plug-ins list) 41