What's new in Havana--Keystone

What’s New In OpenStack Havana Webcast October 2013


Part of the "What's New in Havana" Webinar, these slides show what's new in Keystone.

Transcript of What's new in Havana--Keystone

Page 1: What's new in Havana--Keystone

What’s New In OpenStack Havana

Webcast October 2013

Page 2: What's new in Havana--Keystone

OpenStack Identity Service

Keystone


Page 3: What's new in Havana--Keystone

Keystone

Role-based Access Control (RBAC)

•  More granular policies

•  Can be based on aspects of the request such as API request parameters

"identity:delete_user": [["role:admin", "domain_id:%(target.user.domain_id)s"]]
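Added example, not from the slides and not Keystone's own code: a simplified Python model of how the rule above is evaluated, where the outer list is OR, the inner list is AND, and %(target.user.domain_id)s is filled in from the object the request targets. The enforce and check helpers, the flattened target dictionary and all sample identifiers are assumptions made for illustration.

```python
import json

# Rule as shown on the slide (outer list = OR, inner list = AND).
POLICY = json.loads(
    '{"identity:delete_user": '
    '[["role:admin", "domain_id:%(target.user.domain_id)s"]]}'
)


def check(term, creds, target):
    """Evaluate one 'kind:match' term against the caller's credentials."""
    kind, match = term.split(":", 1)
    if kind == "role":
        return match.lower() in (r.lower() for r in creds.get("roles", []))
    try:
        expected = match % target  # substitutes %(target.user.domain_id)s
    except KeyError:
        return False  # attribute missing from the target: fail closed
    return kind in creds and str(creds[kind]) == expected


def enforce(action, creds, target, policy=POLICY):
    """Return True if any AND-group of the action's rule is fully satisfied."""
    rule = policy.get(action)
    if not rule:
        # Assumption of this sketch only: missing or empty rules are denied.
        return False
    return any(all(check(t, creds, target) for t in group) for group in rule)


# Constructed sample callers and targets (hypothetical identifiers).
DOMAIN_A_ADMIN = {"user_id": "u-admin-a", "roles": ["admin"], "domain_id": "domain-a"}
DOMAIN_A_MEMBER = {"user_id": "u-member-a", "roles": ["member"], "domain_id": "domain-a"}
USER_IN_A = {"target.user.domain_id": "domain-a"}
USER_IN_B = {"target.user.domain_id": "domain-b"}

if __name__ == "__main__":
    cases = [
        ("admin of domain-a deletes user in domain-a", DOMAIN_A_ADMIN, USER_IN_A),
        ("admin of domain-a deletes user in domain-b", DOMAIN_A_ADMIN, USER_IN_B),
        ("member of domain-a deletes user in domain-a", DOMAIN_A_MEMBER, USER_IN_A),
    ]
    for label, creds, target in cases:
        allowed = enforce("identity:delete_user", creds, target)
        print(f"{label}: {'allow' if allowed else 'deny'}")
```

The second case is the one the finer-grained policy exists for: holding the admin role is no longer sufficient when the target user belongs to a different domain.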


Page 4: What's new in Havana--Keystone

Keystone

Role handling

•  Assign roles via OAuth 1.0a

•  Domain roles can be inherited from project

•  Group API


Page 5: What's new in Havana--Keystone

Keystone

Separate projects etc. from authentication

•  Projects, roles, etc. follow “assignments” driver

•  Users, groups, etc. follow “identity” driver

•  Credentials follow “credentials” driver

[identity]
driver = keystone.identity.backends.ldap.Identity

[assignment]
driver = keystone.assignment.backends.sql.Assignment

Page 6: What's new in Havana--Keystone

Keystone

Token generation

•  Currently PKI or UUID

•  Can now be pluggable

•  keystone.token.provider.Provider interface can be custom implemented


Page 7: What's new in Havana--Keystone

Keystone

Remote handling of authentication through REMOTE_USER

•  Sent by the web server as an environment variable

•  Can be disabled (remove "external" from plug-ins list)
