
Nova/AuthManagerSpec

Revision as of 19:22, 13 May 2011 by Brian (talk)
  • Launchpad Entry: NovaSpec:finalize-nova-auth
  • Created: May 12, 2011
  • Contributors: Brian Waldon, Brian Lamar

Summary

OpenStack needs an authentication service that allows authentication credentials to be centralized. We are currently investigating Keystone for such a system.

User stories

As a deployer of Nova, I want to use Keystone to store authentication credentials.

As a deployer of Nova, I want to use the existing OpenStack authentication credentials.

As a deployer of Nova, I want it to be painless to transition an existing deployment from the existing database into Keystone.

Implementation

Phase 1

{{http://wiki.openstack.org/Nova/AuthManagerSpec?action=AttachFile&do=get&target=auth_phase1.png}}

Description of Phase 1 Items

Steps to Complete Phase 1

  1. Creation/completion of "OpenStack API Authentication Middleware" (potentially alternatively called "Token Authentication Middleware") in Keystone.
  2. Creation/completion of "EC2 API Authentication Middleware" in Keystone.
  3. Creation of "Authentication Migration Middleware" in OpenStack Nova.
  4. Ensure Keystone is using OpenStack-compatible libraries for its WSGI/API interface.

Phase 2

Looking ahead to Phase 2, much of the current authentication code in OpenStack can be removed and replaced with Keystone library calls.