[openstack-dev] [tc][ptl][keystone] Proposal to split authentication part out of Keystone to separated project

Boris Pavlovic bpavlovic at mirantis.com
Wed Apr 6 19:26:23 UTC 2016

Hi stackers,

I would like to suggest very simple idea of splitting out of Keystone
part in the separated project.

Such change has 2 positive outcomes:
1) It will be quite simple to create scalable service with high performance
for authentication based on very mature projects like: Kerberos[1] and

2) This will reduce scope of Keystone, which means 2 things
2.1) Smaller code base that has less issues and is simpler for testing
2.2) Keystone team would be able to concentrate more on fixing
perf/scalability issues of authorization, which is crucial at the moment
for large clouds.


[1] http://web.mit.edu/kerberos/
[2] http://ldapcon.org/2011/downloads/hummel-slides.pdf

Best regards,
Boris Pavlovic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160406/4914c18a/attachment.html>

More information about the OpenStack-dev mailing list