[openstack-dev] [keystone] Liberty SPFE Request - IDP Specific WebSSO

David Chadwick d.w.chadwick at kent.ac.uk
Thu Aug 13 09:05:20 UTC 2015


I would also like a spec proposal freeze exception, but not if this
leads to a rushed design and a poor implementation that will need to be
fixed again during the next cycle. Its far better to get the right
design now, even if it means missing the liberty release, than to
implement a suboptimal design just in order to make the liberty release.
We have too many examples of half implemented federation features being
rushed through into a release, which then cause more effort to fix in
the next release (and churn for implementors).

David

On 13/08/2015 00:20, Lance Bragstad wrote:
> Hey all, 
> 
> 
> I'd like to propose a spec proposal freeze exception for IDP Specific
> WebSSO [0].
> 
> This topic has been discussed, in length, on the mailing list [1], where
> this spec has been referenced as a possible solution [2]. This would
> allow for multiple Identity Providers to use the same protocol. As
> described on the mailing list, this proposal would help with the public
> cloud cases for federated authentication workflows, where Identity
> Providers can't be directly exposed to users. 
> 
> The flow would look similar to what we already do for federated
> authentication [3], but it includes adding a call in step 3. Most of the
> code for step 3 already exists in Keystone, it would more or less be
> adding it to the path.
> 
> 
> Thanks!
> 
> 
> [0] https://review.openstack.org/#/c/199339/2
> [1] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071131.html
> [2] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071571.html
> [3] http://goo.gl/lLbvE1
> 
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 



More information about the OpenStack-dev mailing list