The docs on keystone mention that Keystone can support 2-way SSL. Does this mean between keystone and a service? or Keystone and a user? If it is to a user, what is the criteria by which it validates the user's cert? Also, would something like this be compatible with LDAP to indicate role/tenancy membership? Speaking of LDAP, the docs seem rather light, has anyone successfully used it in production? I saw Adam Young's post from a year ago which seems promising. Is it going to be supported going forward? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130213/1500ed87/attachment.html>