Security/Kilo

WORK IN PROGRESS

This page aims to capture an overview of security related information for integrated projects in the OpenStack Kilo release. The information that this intends to capture is:


 * Implemented cryptography - what cryptography is implemented directly in an OpenStack project.
 * Used cryptography - what external libraries are used that perform cryptographic operations.
 * Encryption algorithms - what encryption algorithms are used, and what are they used for.
 * Hashing algorithms - what hashing algorithms are used, and what are they used for.
 * Sensitive data - What sensitive data is handled by a project, and how is it protected.

Goals
The above information is often requested by those deploying OpenStack to see if it meets their security requirements. Having this information collected in one place makes this task much easier. Collecting this security information also allows us to identify where security is weakest within OpenStack, which can be used by developers to identify security related improvements that can be implemented in future releases.

It is important to note that this effort is currently a work in progress. Information may be incomplete and/or incorrect. The goal is that each project development team will help to review, document, and keep the information related to their project up to date for each release. After completing an initial review, this task should not be too time consuming if it is updated as development takes place that changes things from a security perspective.

Integrated Projects

 * Compute (Nova)
 * Object Storage (Swift)
 * Image Service (Glance)
 * Identity (Keystone)
 * Dashboard (Horizon)
 * Networking (Neutron)
 * Block Storage (Cinder)
 * Telemetry (Ceilometer)
 * Orchestration (Heat)
 * Database Service (Trove)
 * Common Libraries (Oslo)
 * Deployment (TripleO)
 * Data Processing (Sahara)

Incubated Projects

 * Bare Metal (Ironic)
 * Key Management (Barbican)
 * Queue Service (Marconi)

Stackforge Projects

 * Solum