Difference between revisions of "KeystoneR1"
Line 38: | Line 38: | ||
=== Release 1 - Early June 2011 === | === Release 1 - Early June 2011 === | ||
− | Milestone 1 towards Diablo | + | For goal for Milestone 1 towards Diablo https://launchpad.net/keystone/+milestone/diablo-1 |
− | Rackspace Auth protocol, endpoints, tenants, multiple-tenenats per user | + | # Rackspace Auth protocol, endpoints, tenants, multiple-tenenats per user |
− | + | # [[OpenStack]] use case data flow:https://github.com/khussein/keystone/raw/master/docs/design/flow_diagram.png | |
− | + | # Lock down API. Proposed spec: https://github.com/khussein/keystone/raw/master/keystone/content/identitydevguide.pdf | |
− | |||
− | Proposed | ||
=== Code Changes === | === Code Changes === |
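Review bot: the added intro line under "Release 1 - Early June 2011" reads "For goal for Milestone 1 towards Diablo", which is ungrammatical; suggest "Goal for Milestone 1 towards Diablo:" ahead of the milestone link. The Rackspace Auth item still carries the misspelling "multiple-tenenats" from the removed line; suggest "multiple tenants per user". The data-flow item also needs a space between "flow:" and the URL.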
Revision as of 19:53, 24 May 2011
- Launchpad Entry: https://blueprints.launchpad.net/keystone/+spec/openstack-identity-service
- Created:
- Contributors: ziad-sawalha, jorgew, khussein, anotherjesse
Summary
OpenStack Identity service https://launchpad.net/keystone.
Proposed API Spec: https://github.com/khussein/keystone/raw/master/keystone/content/identitydevguide.pdf
See also: Auth Middleware Spec http://wiki.openstack.org/openstack-authn
See also: AuthN+Z spec http://wiki.openstack.org/AuthnAuthz
Release Note
This first release is intended to address existing use cases for authentication and identity in Nova and Swift (and planned integration with Glance and other core or affiliated services). The goal is to be able to download the set of OpenStack services and run them as an integrated suite. Keystone will provide the common identity components (user store, authentication service, endpoint management, and middleware to integrate with services).
Rationale
For OpenStack to be a cohesive suite, a common identity store and integration middleware are needed.
User stories
- As someone considering OpenStack, I can download the code, follow simple instructions, and get the stack up and running to test the capabilities and APIs and play around with the dashboard and mobile apps without heavy, external dependencies.
- As a service developer, I don't need to develop authentication code. I just plug in the Keystone middleware and my service can support a variety of pluggable authentication protocols and identity providers.
Assumptions
Design
Python service modeled after other OpenStack services, using a pluggable protocol and backend model (see Burrow), WSGI, and eventlet.
Support the Rackspace Auth protocol: http://docs.rackspacecloud.com/files/api/v1/cfdevguide_d5/content/ch03s01.html
AnyScale - runs on one laptop and can be scaled for production load.
Implementation
Release 1 - Early June 2011
Goal for Milestone 1 towards Diablo: https://launchpad.net/keystone/+milestone/diablo-1
- Rackspace Auth protocol, endpoints, tenants, multiple tenants per user
- OpenStack use case data flow: https://github.com/khussein/keystone/raw/master/docs/design/flow_diagram.png
- Lock down API. Proposed spec: https://github.com/khussein/keystone/raw/master/keystone/content/identitydevguide.pdf
Code Changes
New code for Keystone service.
Adapters and patches to Nova, Swift, and Glance
Test/Demo Plan
Tests will be included in code.
BoF agenda and discussion
See the Keystone project on Launchpad (https://launchpad.net/keystone) for a list of links to Etherpad and other discussions.