openstack team mailing list archive

Thread
Date

Re: Will keystone be the bottleneck?

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Adam Young <ayoung@xxxxxxxxxx>
Date: Thu, 10 May 2012 17:20:13 -0400
In-reply-to: <1336442882.45591.YahooMailNeo@web92401.mail.cnh.yahoo.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120424 Thunderbird/12.0

On 05/07/2012 10:08 PM, ?? wrote:

Every service that receives requests with a token needs to communicatewith keystone to verify a user's identity.A rough diagram of how keystone works can be found in the sequencediagram:http://docs.openstack.org/trunk/openstack-identity/admin/content/what-is.html
While there is a mass of users or the scale of cloud becomes huge,willkeystone be the bottlenect?
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

I think so, which is why I am working on this:
https://blueprints.launchpad.net/keystone/+spec/pki

THe tl;dr version: provide the roles in the token as acryptographically signed document. The services like Glance and Novawill use a public key from Keystone to verify the tokens and rolesinstead of talking back to the Keystone server.

References

Will keystone be the bottleneck?
From: 陈军, 2012-05-08