openstack team mailing list archive

Thread
Date

Re: OpenStack Identity: Keystone API Proposal

To: "Rouault, Jason (Cloud Services)" <jason.rouault@xxxxxx>, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>
Date: Wed, 22 Jun 2011 04:55:17 +0000
Accept-language: en-US
In-reply-to: <513F883319B0DC409C71C85001EFCE57026130@G9W0761.americas.hpqcorp.net>
Thread-index: AQHMJ8WIer0EutWH00uLFVYolUf+IZS+ge/AgApfqwA=
Thread-topic: OpenStack Identity: Keystone API Proposal
User-agent: Microsoft-MacOutlook/14.10.0.110310

There isn't a plan, but an acknowledgement that we'll have to go there. Right now we're trying to avoid authorization as much as possible because of the complexity involved and the distraction it would be from the initial goal; providing one, common authentication service for OpenStack core services.

From: "Rouault, Jason (Cloud Services)" <jason.rouault@xxxxxx<mailto:jason.rouault@xxxxxx>>
Date: Wed, 15 Jun 2011 14:32:22 +0000
To: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx<mailto:ziad.sawalha@xxxxxxxxxxxxx>>, "openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>" <openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>>
Subject: RE: OpenStack Identity: Keystone API Proposal

Is there a plan to also have Keystone be the centralizing framework around authorization?   Right now it looks like policy enforcement is left to the API layer.

Thanks,

Jason

From: openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx<mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx> [mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ziad Sawalha
Sent: Friday, June 10, 2011 5:24 PM
To: openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Subject: [Openstack] OpenStack Identity: Keystone API Proposal

Time flies! It's June 10th already. In my last email to this community I had proposed today as the day to lock down the Keystone API so we can finalize implementation by Diablo-D2 (June 30th).

We've been working on this feverishly over the past couple of weeks and have just pushed out a proposed API here: https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf

For any and all interested, the original source and code is on Github (https://github.com/rackspace/keystone<https://github.com/rackspace/keystone/raw/master/keystone/content/identitydevguide.pdf>), along with the current implementation of Keystone, examples, sample data, tests, instructions, and all the goodies we could muster to put together. The project also lives on Launchpad at http://launchpad.net/keystone.

The API we just put out there is still a proposal. We're going to be focusing on the implementation, but would still love to get community input, feedback, and participation.

Have a great weekend and regards to all,

Ziad

Confidentiality Notice: This e-mail message (including any attached or

embedded documents) is intended for the exclusive and confidential use of the

individual or entity to which this message is addressed, and unless otherwise

expressly indicated, is confidential and privileged information of Rackspace.

Any dissemination, distribution or copying of the enclosed material is prohibited.

If you receive this transmission in error, please notify us immediately by e-mail

at abuse@xxxxxxxxxxxxx<mailto:abuse@xxxxxxxxxxxxx>, and delete the original message.

Your cooperation is appreciated.

References

Re: OpenStack Identity: Keystone API Proposal
From: Rouault, Jason (Cloud Services), 2011-06-15