[openstack-dev] [keystone] Liberty SPFE Request - IDP Specific WebSSO

Morgan Fainberg morgan.fainberg at gmail.com
Thu Aug 13 14:49:56 UTC 2015


To be fair this is pushing late into the cycle for adding a new target for Liberty. We already have a very large body of code that has historically not received consistent reviewing. My concern is that we're again rushing things in at the wire and will get a substandard implementation. 

I wont block this, but as with the other spec freeze exceptions we will vote at the next keystone meeting on accepting this spec freeze exception. 

Please make sure to add it to the weekly meeting and feel free to continue this discussion here on the ML to cover justifications etc. 

--Morgan

Sent via mobile

> On Aug 12, 2015, at 16:20, Lance Bragstad <lbragstad at gmail.com> wrote:
> 
> Hey all, 
> 
> 
> I'd like to propose a spec proposal freeze exception for IDP Specific WebSSO [0].
> 
> This topic has been discussed, in length, on the mailing list [1], where this spec has been referenced as a possible solution [2]. This would allow for multiple Identity Providers to use the same protocol. As described on the mailing list, this proposal would help with the public cloud cases for federated authentication workflows, where Identity Providers can't be directly exposed to users. 
> 
> The flow would look similar to what we already do for federated authentication [3], but it includes adding a call in step 3. Most of the code for step 3 already exists in Keystone, it would more or less be adding it to the path.
> 
> 
> Thanks!
> 
> 
> [0] https://review.openstack.org/#/c/199339/2
> [1] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071131.html
> [2] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071571.html
> [3] http://goo.gl/lLbvE1
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150813/c9c8ca83/attachment.html>


More information about the OpenStack-dev mailing list