[openstack-dev] [Openstack] [KEYSTONE] Keystone federation
Giuseppe Galeota
giuseppegaleota at gmail.com
Mon Feb 10 10:24:54 UTC 2014
Dear all,
I would provide both PaaS and IaaS (Openstack) services, with two keystone
services: one for the PaaS (Keystone PaaS) and the other one for the IaaS
(Keystone IaaS).
In particular, I would Openstack system appear as a PaaS service towards
PaaS's users, so that an user that authenticates against Keystone PaaS can
use Openstack services too.
So, I was thinking of using Keystones federation, so that:
1- PaaS's user authenticates against Keystone PaaS and receives a scoped
token.
2- PaaS's user invokes openstack services by using the scoped token
received from Keystone PaaS;
3- Openstack services validate the token against Keystone IaaS;
4- Keystone IaaS validate against Keystone PaaS
Do you think this scenario is possible? I would be appreciate any further
solutions you think I might implement.
Best regards,
Giuseppe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140210/48db7c07/attachment.html>
More information about the OpenStack-dev
mailing list