This session will include the following subject(s):
SAML, OAuth 2, and SCIM - Overview and Application:
A discussion of how identity standards may apply to keystone, and how keystone may wish to align itself with these standards through Havana and beyond.
A brief tour will be given to level-set the room on the following current and approaching standards. It is recommended that anyone wishing to participate in the discussion read the linked background material in order to prepare.
- SAML - XML-based identity assertions, commonly used for cross-domain single sign-on (a.k.a. federation) for Web SSO and Web Services (WS-*). IETF drafts describe its use with OAuth 2.0.
Executive Overview: http://bit.ly/16Hn35X
- OAuth 2 - token-based authentication for web applications and APIs. Defines the client software as a role. Separates issuing tokens from how a token is used. Token issuance is defined both for browsers and for REST clients using a username/password. Token format is not defined by OAuth 2, but one proposed standard format is JWT.
OAuth2 Simplified: http://bit.ly/14aaH6U
- JWT - JSON Web Tokens, an upcoming standard format for structured tokens (containing data) which are integrity protected and optionally encrypted.
JWT spec: http://bit.ly/15YAKMx
- SCIM - cross-domain user account creation and management. REST API for CRUD operations around user accounts.