1 message in org.openstack.lists.openstack-dev[openstack-dev] Keystone Grizzly Plan...| From | Sent On | Attachments |
|---|---|---|
| heckj | Nov 6, 2012 1:13 pm |
| Subject: | [openstack-dev] Keystone Grizzly Planning | |
|---|---|---|
| From: | heckj (hec...@mac.com) | |
| Date: | Nov 6, 2012 1:13:14 pm | |
| List: | org.openstack.lists.openstack-dev | |
Howdy all,
Like the other projects, I wanted to provide an overview of what's looking to
happen in Keystone over the grizzly release cycle.
From the summit, we had the state of the project slides, which might be of
interest: http://www.slideshare.net/ccjoe/oct-2012-state-of-project-keystone
Since then, we've been working on fleshing out more details around those initial
discussions, and we've been correlating who's working on what to get an overview
of what's coming up for Keystone. If you're into reading raw notes, take a look
at https://etherpad.openstack.org/keystone-grizzly-plans. For those looking for
more of a tl;dr:
grizzly-1 plans: * merging in V3 API work - "tech preview" https://blueprints.launchpad.net/keystone/+spec/implement-v3-core-api
* move auth_token middleware to keystoneclient repo https://blueprints.launchpad.net/keystone/+spec/authtoken-to-keystoneclient-repo
* AD LDAP extensions https://blueprints.launchpad.net/keystone/+spec/ad-ldap-identity-backend
* enabling policy & RBAC access for V3 API https://blueprints.launchpad.net/keystone/+spec/rbac-keystone-api
grizzly-2 plans: * pre-authenticated token https://blueprints.launchpad.net/keystone/+spec/pre-auth
* plugable authentication handlers https://blueprints.launchpad.net/keystone/+spec/pluggable-identity-authentication-handlers
* consolidated policy documentation/recommendations https://blueprints.launchpad.net/keystone/+spec/document-deployment-suggestions-policy
* PKI future work https://blueprints.launchpad.net/keystone/+spec/delegation - starting into delegation, signing of tokens - annotations on signing for authorization
grizzly-3 plans: * delegation https://blueprints.launchpad.net/keystone/+spec/delegation
* multifactor authN https://blueprints.launchpad.net/keystone/+spec/multi-factor-authn
Much of the work and desires around Delegation has yet to be fully defined and
nailed down, and relies on a lot of additions in making PKI based tokens a
stable, solid, default mechanism. I'm sure there will be some redirection once
we get a few weeks down the road and see what's happening with the V3 API
rollout and PKI token extensions to support delegation, pre-auth, and so forth.
_______________________________________________ OpenStack-dev mailing list Open...@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev