Hi, At OSSG, we are currently doing Threat Modelling of OpenStack and as a starter we have already performed initial work for Keystone. Work on Nova has also started. The current status of the work is located at https://wiki.openstack.org/wiki/Security/Threat_Analysis https://github.com/shohel02/OpenStack_Threat_Modelling.git https://github.com/criscad/OpenStack_Threat_Modelling.git In the mid review starting at July 14th, we will go through threat modelling process for Openstack projects, and for Keystone we go through a component break down and enumerate possible threats and attack vectors. Interested? Put your name in etherpad Threat Modelling section. We are especially hoping to get support and participation from Keystone core developers . I think there are some in this mailing list too :) https://etherpad.openstack.org/p/ossg-juno-meetup Cheers, Shohel -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140612/0e6b3aa3/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4163 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140612/0e6b3aa3/attachment.bin>