Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, April 18 • 9:50am - 10:30am
Generic support for external authn/authz

Sign up or log in to save this to your schedule and see who's attending!

We already support some mechanisms for plugging in authentication methods, but we need to evolve the keystone architecture to enable deployers and cloud providers to use their chosen set of authn/authz. This is not just about plugging things into the back of keystone, but needs to take into account how tokens might be validated (e.g. we do PKI today, but how would we cleanly enable some other standard token format?)

Goals for session:
- Agree proposal for how we split the authentication & authorization in terms of API, laying the groundwork for us to expand the supported set of technologies
- Agree how alternative authn/z and their token generation fits into the above structure
- Agree where and how plugin points will be provided for such alternatives, including within auth_token middleware
- Show an example proposal for OAuth (Authorization)with OpenID Connect (Authentication) that match the above.

(Session proposed by Henry Nash)


Thursday April 18, 2013 9:50am - 10:30am
B114

Attendees (36)