SSOOpenID

= OpenStack SSO - Authentication Project =

OpenStack requires an authentication solution to tie all of its web properties together under a single sign-on. This project aims to address the following basic authentication use cases:


 * as a new contributor to OpenStack I want to create a Foundation Member account on openstack.org and use the same credential to sign up/sign in on all of *.openstack.org services
 * as a participant in a user group I want to create a Regular Member account on openstack.org and use the same credential to sign up/sign in on all of *.openstack.org services
 * as a user responding to the User Survey I want to create a Regular Member account on openstack.org and use the same credential to sign up/sign in on all of *.openstack.org services

== History of the project ==
When the project started, Launchpad was chosen as the platform for all of its development needs. Over the years Launchpad has become less used, and as of October 2013 it is mainly used for tracking issues, for basic project management with blueprints, and as a general identity provider for other services, such as the review system and Jenkins.

= Implementation =

Given that most of OpenStack’s existing web properties need to connect with OpenID 2.0, we opt to stick with a single authentication method so that we can achieve SSO across all web properties. The OpenStack Foundation has contracted Tipit to develop this system following the OpenID 2.0 specifications below:


 * http://openid.net/specs/openid-authentication-2_0.html
 * http://openid.net/specs/openid-attribute-exchange-1_0.html
 * http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html

Additionally, there is a need for an authorization solution (A2) to exchange data amongst the web properties in order to track code commits, company participation, user group participation, etc…

== Blueprints ==
All relevant blueprints are listed as dependencies on the SSO OpenID Provider.

== OpenStack web properties using OpenID 2 ==

 * 1) review.openstack.org
 * 2) summit.openstack.org
 * 3) wiki.openstack.org
 * 4) ask.openstack.org (but can accept other OpenID providers and OAuth)
 * 5) jenkins.openstack.org
 * 6) groups.openstack.org (under development)
 * 7) launchpad.net (bugs and blueprints)

Launchpad is not a consumer of OpenID; therefore, to create and update bugs/blueprints it will be necessary to have a Launchpad-specific account.