
Security/Juno/Marconi

Revision as of 23:05, 10 June 2014 by Kgriffs (Libraries)

This page documents security-related details for the Marconi project in the OpenStack Juno release.

Implemented Crypto

None. We would like to implement message signing for the K cycle, though. (TBD)

Used Crypto

Libraries

Marconi's only crypto is in the Keystone middleware and in the libraries used by the backend drivers.

Keystone

Marconi uses the standard Keystone WSGI middleware for authentication.

Backends

Marconi currently relies on pymongo and SQLAlchemy to implement storage drivers. SQLAlchemy is only used for development, and will likely be removed at the end of the Juno cycle. On the other hand, pymongo will be retained. It uses Python's standard "ssl" package (source).

During Juno we are also experimenting with Redis, AMQP, and Kafka drivers.

  • The AMQP driver will use the Python bindings for qpid-proton, which uses OpenSSL.
  • Redis does not natively support TLS. It may be added by a proxy, but we are not planning on adding support for that to the Marconi driver at this time.
  • Kafka does not appear to support TLS either.

Encryption Algorithms

Algorithm Purpose Configurable Implementation Details Source

Hashing Algorithms

Algorithm Purpose Configurable Implementation Details Source

Sensitive Data

Keys/Certificates

Passwords

Potential Improvements