[User-committee] Fwd: [openstack-dev] [all][keystone][product] api keys/application specific passwords

Sun, Yih Leong yih.leong.sun at intel.com
Wed May 17 16:30:54 UTC 2017


This is a use case that we have been talking about in the past for Enterprise customers.
Not only from AppDev experience but also from Ops/tooling perspective and security reason.

In terms of resources for implementation, I will discuss this with my team and see if we can support.

Thanks!

---
Yih Leong Sun, PhD (宋毅良)
Senior Software Cloud Architect | Open Source Technology Center | Intel Corporation
yih.leong.sun at intel.com | +1 503 264 0610




From: Shamail Tahir [mailto:itzshamail at gmail.com]
Sent: Wednesday, May 17, 2017 7:56 AM
To: user-committee at lists.openstack.org
Subject: [User-committee] Fwd: [openstack-dev] [all][keystone][product] api keys/application specific passwords

Hi PWG,

Please see the request from Lance below... there is already good discussion going on about this topic on the Dev mailing list in case you want additional context. The main request for us is to determine whether any of our organizations would be willing to help with the implementation of this functionality which improves the AppDev experience by allowing a mechanism to grant access to cloud resources programmatically without the need to create a user account (which shifts the act of authorization from the developer to the administrator). Are any of your teams able to help with implementation? Monty has volunteered to partner with whoever to move the spec forward but won't be able to code it himself.

Thanks,
Shamail


Begin forwarded message:
From: Lance Bragstad <lbragstad at gmail.com<mailto:lbragstad at gmail.com>>
Date: May 11, 2017 at 3:32:30 PM EDT
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>, user-committee at lists.openstack.org<mailto:user-committee at lists.openstack.org>
Subject: [openstack-dev] [all][keystone][product] api keys/application specific passwords
Reply-To: "OpenStack Development Mailing List \(not for usage questions\)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Hey all,

One of the Baremetal/VM sessions at the summit focused on what we need to do to make OpenStack more consumable for application developers [0]. As a group we recognized the need for application specific passwords or API keys and nearly everyone (above 85% is my best guess) in the session thought it was an important thing to pursue. The API key/application-specific password specification is up for review [1].

The problem is that with all the recent churn in the keystone project, we don't really have the capacity to commit to this for the cycle. As a project, we're still working through what we've committed to for Pike before the OSIC fallout. It was suggested that we reach out to the PWG to see if this is something we can get some help on from a keystone development perspective. Let's use this thread to see if there is anyway we can better enable the community through API keys/application-specific passwords by seeing if anyone can contribute resources to this effort.

Thanks,

Lance


[0] https://etherpad.openstack.org/p/BOS-forum-using-vm-and-baremetal
[1] https://review.openstack.org/#/c/450415/

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/user-committee/attachments/20170517/39b07359/attachment-0001.html>


More information about the User-committee mailing list