← Back to team overview

openstack team mailing list archive

Re: Keystone should to Apache HTTPD.


On Thu, Mar 1, 2012 at 12:22 PM, Esker, Robert <Rob.Esker@xxxxxxxxxx> wrote:

>  Hi Andy,
>  You mention PKI, SSL, multi-factor auth, et cetera as having factored in
> to your thought process.  Are any of these expressed in the form of a
> blueprint(s) yet?

I have a very low opinion of the blueprint system (for a variety of reasons
I can get into somewhere else), so I tend to let the people who like doing
that sort of stuff do it.

>  We've keen interest in how / when these get factored in.

Awesome, I'd love for you to email myself and joe heck your specific use
cases so we can make sure that they are included in any thoughts on the
subjects and are documented somewhere.

>  Do you anticipate any of these being tackled at the Folsom design summit?

I suspect they will be, though I prefer technical conversations in smaller
circles. I am not sure if there are already preparations going on for what
gets discussed there, but if there are you are welcome to draw our
attention to this subject.


P.S. Stuffy nose apparently makes my responses extra vague, I hope you got
the idea though.

>  Thanks,
>  Rob Esker
> NetApp, Inc.
>   From: Andy Smith <andyster@xxxxxxxxx>
> Date: Thu, 1 Mar 2012 11:44:14 -0800
> To: Nathanael Burton <nathanael.i.burton@xxxxxxxxx>
> Cc: <openstack@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [Openstack] Keystone should to Apache HTTPD.
>   - secure encrypted tokens (removes the need for backend validation)
>  - pki for authentication
>  - ssl transport
>  - support for signed requests
>  - 2-factor auth
>  Just so you guys don't think we're not already thinking about all these
> things.