Thursday, April 18 • 1:30pm - 2:10pm
Key Manager

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

OpenStack services such as Cinder are offering encryption for volumes, an off-shoot implementation for Swift exists, Glance is a logical next candidate. Encryption involves keys, their creation, access control, and secure maintenance. Several blueprints touch on it. Let us design and develop a high availability solution. Perhaps a sub-service of Keystone (on par with Identity). With PKI tokens and X509 certificates in OpenStack now, the encryption keys could be encoded before being saved, for example, a volume encryption key would be "owned" by Cinder, so it could be encoded using Cinder's public-key.
//key//. Would it be useful to have a reference count associated with keys, when all objects associated with it deleted, the key may be deleted. Support key caching on the services to reduce chattiness with Keystone.

(Session proposed by Malini Bhandaru)

Thursday April 18, 2013 1:30pm - 2:10pm

Attendees (0)