Difference between revisions of "KeystoneR1"

Latest revision as of 23:29, 17 February 2013

Launchpad Entry: https://blueprints.launchpad.net/keystone/+spec/openstack-identity-service
Created:
Contributors: ziad-sawalha, jorgew, khussein, anotherjesse

Summary

Keystone is a proposed OpenStack Identity service https://launchpad.net/keystone.

This page talks to features we intend to include in the first release.

API Spec: http://docs.openstack.org/incubation/identity-dev-guide/content/]] (source is here: [[http://code.launchpad.net/openstack-manuals)

Release Note

This first release is intended to address existing use cases for authentication and identity in Nova and Swift (and planned integration with Glance and other core or affiliated services). The goal is to be able to download the set of OpenStack services and be able to run them as an integrated suite. Keystone will provide the common identity components (user store, authentication service, endpoint management, and middleware to integrate with services.

Rationale

For OpenStack to be a cohesive suite, a common identity store and integration middleware is needed.

User stories

As someone considering OpenStack, I can download the code, follow simple instructions, and get the stack up and running to test the capabilities and APIs and play around with the dashboard and mobile apps without heavy, external dependencies.
As a service developer, I don't need to develop authentication code. I just plug in the Keystone middleware and my service can support a variety of pluggable authentication protocols and identity providers.
As a service, I can register myself with Keystone and provide a list of roles and endpoints that allow authenticated clients to locate me and to grant users RBAC access to my operations.
As a developer, I can load Keystone on my machine and manage a local identity store without having to connect to an external or enterprise directory.

Design

Python service modeled after other OpenStack services. Using pluggable protocol and backend model (see Burrow), WSGI, and eventlet.

Support Rackspace Auth http://docs.rackspacecloud.com/files/api/v1/cfdevguide_d5/content/ch03s01.html protocol.

AnyScale - runs on one laptop and can be scaled for production load.

Implementation

Release 1 - Early June 2011

For goal for Milestone 1 towards Diablo https://launchpad.net/keystone/+milestone/diablo-1

Rackspace Auth protocol, endpoints, tenants, multiple-tenenats per user
OpenStack use case data flow:https://github.com/rackspace/keystone/raw/master/docs/design/flow_diagram.png
Lock down API. Proposed spec: http://docs.openstack.org/incubation/identitydevguide/content/
Extensions for managing a local identity store.
Integration into Nova: http://wiki.openstack.org/Nova/AuthManagerSpec

Code Changes

New code for Keystone service.

Adapters and patches to Nova, Swift, and Glance

Test/Demo Plan

Tests will be included in code.

BoF agenda and discussion

See project Keystone; https://launchpad.net/keystone on Launchpad for list of links to Etherpad and other discussions.

@@ Line 1: / Line 1: @@
-__NOTOC__
-* '''Launchpad Entry''': [[KeystoneSpec]]:openstack-identity-service [[NovaSpec]]:authn_authz
+* '''Launchpad Entry''': https://blueprints.launchpad.net/keystone/+spec/openstack-identity-service
 * '''Created''':
-* '''Contributors''': ziad-sawalha anotherjesse khussein jorgew
+* '''Contributors''': ziad-sawalha, jorgew, khussein, anotherjesse
 == Summary ==
-[[OpenStack]] Identity service.
+Keystone is a proposed OpenStack Identity service https://launchpad.net/keystone.
+This page talks to features we intend to include in the first release.
+API Spec: http://docs.openstack.org/incubation/identity-dev-guide/content/]] (source is here: [[http://code.launchpad.net/openstack-manuals)
+See also:
+* Auth Middleware Spec http://wiki.openstack.org/openstack-authn
+* Discussion (older): http://plansthis.com/auth
+* Discussion (newer): http://etherpad.openstack.org/authauthauth
+* Conversations: https://github.com/khussein/keystone/issues
 == Release Note ==
@@ Line 11: / Line 23: @@
 == Rationale ==
-For [[OpenStack]] to be a cohesive suite, a common identity store and integration middleware is needed.
+For OpenStack to be a cohesive suite, a common identity store and integration middleware is needed.
 == User stories ==
-As someone considering [[OpenStack]], I can download the code, follow simple instructions, and get the stack up and running to test the capabilities and APIs and play around with the dashboard and mobile apps without heavy, external dependencies.
+* As someone considering OpenStack, I can download the code, follow simple instructions, and get the stack up and running to test the capabilities and APIs and play around with the dashboard and mobile apps without heavy, external dependencies.
+* As a service developer, I don't need to develop authentication code. I just plug in the Keystone middleware and my service can support a variety of pluggable authentication protocols and identity providers.
+* As a service, I can register myself with Keystone and provide a list of roles and endpoints that allow authenticated clients to locate me and to grant users RBAC access to my operations.
+* As a developer, I can load Keystone on my machine and manage a local identity store without having to connect to an external or enterprise directory.
-As a service developer, I don't need to develop authentication code. I just plug in the Keystone middleware and my service can support a variety of pluggable authentication protocols and identity providers.
+== Design ==
-== Assumptions ==
+Python service modeled after other [[OpenStack]] services. Using pluggable protocol and backend model (see Burrow), WSGI, and eventlet.
-== Design ==
+Support Rackspace Auth http://docs.rackspacecloud.com/files/api/v1/cfdevguide_d5/content/ch03s01.html protocol.
-You can have subsections that better describe specific parts of the issue.
+[[AnyScale]] - runs on one laptop and can be scaled for production load.
 == Implementation ==
-This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:
+=== Release 1 - Early June 2011 ===
-=== UI Changes ===
+For goal for Milestone 1 towards Diablo https://launchpad.net/keystone/+milestone/diablo-1
-Should cover changes required to the UI, or specific UI that is required to implement this
+# Rackspace Auth protocol, endpoints, tenants, multiple-tenenats per user
+# [[OpenStack]] use case data flow:https://github.com/rackspace/keystone/raw/master/docs/design/flow_diagram.png
+# Lock down API. Proposed spec: http://docs.openstack.org/incubation/identitydevguide/content/
+# Extensions for managing a local identity store.
+# Integration into Nova: http://wiki.openstack.org/Nova/AuthManagerSpec
 === Code Changes ===
-Code changes should include an overview of what needs to change, and in some cases even the specific details.
+New code for Keystone service.
-=== Migration ===
+Adapters and patches to Nova, Swift, and Glance
-Include:
-* data migration, if any
-* redirects from old URLs to new ones, if any
-* how users will be pointed to the new way of doing things, if necessary.
 == Test/Demo Plan ==
-This need not be added or completed until the specification is nearing beta.
+Tests will be included in code.
-== Unresolved issues ==
-This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.
 == BoF agenda and discussion ==
-Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.
+See project Keystone; https://launchpad.net/keystone on Launchpad for list of links to Etherpad and other discussions.
 ----
 [[Category:Spec]]