Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Visit the OpenStack Summit page for the latest news, registration and hotels.
View analytic
Wednesday, November 5 • 09:00 - 09:40
Leveraging Existing Identity Sources for OpenStack Clouds

Sign up or log in to save this to your schedule and see who's attending!

Keystone is the reference implementation of the Identity API in OpenStack. It needs to deal with traditional identity concepts such as users and groups as well as centrally managing authorization. This session will cover how Keystone can leverage existing identity sources for authentication and identity information and instead focus on it's primary job of centrally managing access to cloud services and resources.

Keystone has a pluggable architecture that allows it to work with different identity sources. These options range from storing identity information locally to using external identity sources such as an LDAP server or a SAML identity provider. Nearly all companies and organizations already have an existing authoritative identity source that provides centralized authentication and user and group information. Configuring Keystone to use this central identity source is a popular goal for those deploying OpenStack, yet its not straight-forward to actually accomplish due to variations of different identity sources.

In this presentation, Nathan Kinder will review how Keystone has evolved around the concept of identity to date.  An overview of the very latest options for handling identity information will be provided, along with the pros and cons of the available approaches. We will also discuss how Keystone can leverage existing identity sources to provide strong authentication mechanisms in addition to discussing more complex scenarios such as using multiple external identity sources from a single Keystone instance.

Speakers
avatar for Nathan Kinder

Nathan Kinder

Software Engineering Manager, Red Hat, Red Hat
Nathan is a Software Engineering Manager at Red Hat, where he manages the development of the identity and security related components of the Red Hat Enterprise Linux OpenStack Platform, Red Hat Directory Server, and Red Hat Certificate System products.  He is an active member of the OpenStack Security Group, and regularly contributes to the Keystone project.  He has been a developer on the 389 Directory Server project since it's inception... Read More →


Wednesday November 5, 2014 09:00 - 09:40
Room 251

Attendees (57)