[openstack-dev] [Openstack] [KEYSTONE] Keystone federation

Giuseppe Galeota giuseppegaleota at gmail.com
Mon Feb 10 10:24:54 UTC 2014


Dear all,

I would provide both PaaS and IaaS (Openstack)  services, with two keystone
services: one for the PaaS (Keystone PaaS) and the other one for the IaaS
(Keystone IaaS).

In particular, I would Openstack system appear as a PaaS service towards
PaaS's users, so that an user that authenticates against Keystone PaaS can
use Openstack services too.

So, I was thinking of using Keystones federation, so that:
1- PaaS's user authenticates against Keystone PaaS and receives a scoped
token.
2- PaaS's user invokes openstack services by using the scoped token
received from Keystone PaaS;
3- Openstack services validate the token against Keystone IaaS;
4- Keystone IaaS validate against Keystone PaaS

Do you think this scenario is possible? I would be appreciate any further
solutions you think I might implement.

Best regards,
Giuseppe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140210/48db7c07/attachment.html>


More information about the OpenStack-dev mailing list