On 05/07/2012 10:08 PM, ?? wrote:
> Every service that receives requests with a token needs to communicate
> with keystone to verify a user's identity.
> A rough diagram of how keystone works can be found in the sequence
> diagram: http://docs.openstack.org/trunk/openstack-identity/admin/content/what-is.html
>
> While there is a mass of users or the scale of cloud becomes huge, will
> keystone be the bottleneck?

I think so, which is why I am working on this:

https://blueprints.launchpad.net/keystone/+spec/pki

The tl;dr version: provide the roles in the token as a cryptographically signed document. The services like Glance and Nova will use a public key from Keystone to verify the tokens and roles instead of talking back to the Keystone server.
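
The offline check described in the reply above, as an added example that is not part of the original post and is not Keystone's code or token format: a service verifies a signed token and its roles using only a public key. The token layout (hex JSON, a dot, hex signature), the function names and the demo key are assumptions, and the signature is unpadded textbook RSA over SHA-256, chosen only so the example runs on the standard library; a deployment would use a vetted signing library and a real key.

```python
import hashlib
import json

# Constructed demo key: two Mersenne primes, so N is trivially factorable.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, distributed to services
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, stays on the identity server


def _digest(body: bytes) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def issue_token(user, roles, expires):
    """Identity-server side: sign the canonical JSON of the claims."""
    body = json.dumps({"user": user, "roles": roles, "expires": expires},
                      sort_keys=True).encode()
    sig = pow(_digest(body), D, N)       # textbook RSA, no padding (demo only)
    return body.hex() + "." + format(sig, "x")


def verify_token(token, now):
    """Service side: needs only (N, E); no call back to the identity server."""
    try:
        body_hex, sig_hex = token.split(".")
        body, sig = bytes.fromhex(body_hex), int(sig_hex, 16)
    except ValueError:
        return None                      # malformed token
    if not 0 < sig < N or pow(sig, E, N) != _digest(body):
        return None                      # signature does not match the claims
    claims = json.loads(body)
    if claims["expires"] <= now:
        return None                      # signed but no longer valid
    return claims


def tamper_roles(token, roles):
    """Test helper: rewrite the roles while keeping the old signature."""
    body_hex, sig_hex = token.split(".")
    claims = json.loads(bytes.fromhex(body_hex))
    claims["roles"] = roles
    return json.dumps(claims, sort_keys=True).encode().hex() + "." + sig_hex


if __name__ == "__main__":
    tok = issue_token("alice", ["member"], expires=2000)
    print(verify_token(tok, now=1000))                           # claims
    print(verify_token(tamper_roles(tok, ["admin"]), now=1000))  # rejected
    print(verify_token(tok, now=3000))                           # expired
```

Because the service never contacts the identity server, the expiry carried in the signed claims is the only freshness check it can enforce on its own.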