Difference between revisions of "Nova/AuthManagerSpec"
Line 22: | Line 22: | ||
=== Phase 1 === | === Phase 1 === | ||
+ | |||
+ | [[attachment:auth_phase1.png]] | ||
=== Code Changes === | === Code Changes === |
Revision as of 19:08, 13 May 2011
- Launchpad Entry: NovaSpec:finalize-nova-auth
- Created: May 12, 2011
- Contributors: Brian Waldon, Brian Lamar
Summary
OpenStack needs an authentication/authorization system which will allow for centralization of authentication/authorization credentials. Currently we are investigating Keystone for such a system.
""Author(s):"" John Eo, Khaled Hussein, Ziad Swahala, and more... ""Version Control:"" https://github.com/khussein/keystone
User stories
As a deployer of Nova, I want to use Keystone as my authn/authz backend.
As a deployer of Nova, I want to use the existing authn/authz backend.
As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.
Implementation
Phase 1
Code Changes
We will ensure Keystone is using compatible/standard methods for it's WSGI/API interface. Currently it is utilizing `bottle` for many WSGI tasks. Updating Keystone to use `webob`, `routes`, and other OpenStack standard WSGI libraries will greatly increase the chances of success for the project.