[openstack-dev] [Keystone] Splitting Delegation and Federation
Adam Young
ayoung at redhat.com
Fri Sep 28 19:35:16 UTC 2012
I think I want to distinguish my original proposal for Federation from
what the Kent folks have proposed. I think both proposals are valuable,
and server different needs.
What I was doing was really making it possible for Keystone to work in a
delegated manner, with a Keystone server dedicated to serving each
domain separately (simplification ,but conceptually correct). This is
more of an incremental approach.
The Kent approach is truly Federated, and thus should carry forward with
that name.
The Federation session at the Summit will cover both, but should be
focused on the Kent approach. The PKI future session is essential to the
delegation approach, and will cover it in more detail.
I've changed the existing Federation blueprint to Delegation:
https://blueprints.launchpad.net/keystone/+spec/delegation
With the full write up of the spec here:
http://wiki.openstack.org/keystone/Delegation
I've registered the Federation Blueprint as
https://blueprints.launchpad.net/keystone/+spec/federation
I'd appreciate the Kent taking ownership of the Federation Blueprint
moving forward.
More information about the OpenStack-dev
mailing list