[Openstack] Federated Access To OpenStack

David Chadwick d.w.chadwick at kent.ac.uk
Sun Aug 5 22:16:24 UTC 2012


Hi Everyone

During the last few weeks we have been working on adding federated 
access to OpenStack. The basic system is now working in our lab, and 
clients for nova, swift and glance have been modified in order to allow 
federated access through a set of federated APIs that we have designed 
and built. The specifications for the APIs and implementation have been 
uploaded to DropBox and are available here:

http://dl.dropbox.com/u/44986510/Adding%20federated%20access%20to%20OpenStack%201.pdf
http://dl.dropbox.com/u/44986510/Client%20Connection%20API%20v1.pdf
http://dl.dropbox.com/u/44986510/Federated%20Middleware%20Services-v1.pdf
http://dl.dropbox.com/u/44986510/UserGuide.pdf

All comments and feedback from the community will be gratefully received.

We currently use SAML as the federated access protocol, since a Python 
library for this already exists, but this can be changed to OpenID OAuth 
or anything else without changing the specifications or the client 
implementations (so we hope from the design). Only the federated 
middleware will need to change, and we can do this once suitable 
packages become available in Python.

We hope to have public demos available by the end of this week, once we 
can sort out the university firewall and other issues.

A use case we have for our federated access is an open source research 
repository in the cloud for the UK academic community.  Since all UK 
students and staff (up to 1 million people) already have their own 
university un/pws, they should be able to log in to the cloud repository 
using their existing credentials, in order to store and share their 
research outputs with others. They should not need to obtain new un/pws 
in order to access the cloud service. Our federated access to OpenStack 
provides this functionality. Users who can successfully identify 
themselves as members of the UK academic community will be automatically 
enrolled as cloud users and given appropriate tenant IDs.

I look forward to having fruitful discussions with you about federated 
access to OpenStack.

regards

David



