Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

And here is a launchpad mirror: https://launchpad.net/keystone On Apr 26, 2011, at 5:25 PM, Ziad Sawalha wrote: As a follow-up, and to keep the conversation moving, we've built and posted a proof of concept for the OpenStack Identity service at https://github.c

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

As a follow-up, and to keep the conversation moving, we've built and posted a proof of concept for the OpenStack Identity service at https://github.com/khussein/keystone/. The code includes a rudimentary token-based authentication implementation. Included in the project (our internal code name

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

It's indeed practical but there are some shortcomings. Ping me off thread for any details. For the record, I was responsible for the signing implementation in EC2 and for the AuthN/AuthZ design for the Opscode platform (hosted Chef) and I'm looking forward to this conversation at the summit as well

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

Yes, token auth and HTTP basic w/ SSL ended up being good options: http://bazaar.launchpad.net/~khussein/swift/authn/revision/143/swift/auth/basicauth.py Open to other suggestions if anyone has an elegant Anyscale auth solution. Thanks - Z On Apr 18, 2011, at 12:15 PM, Eric Day wrote: > Look

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

On Mon, Apr 18, 2011 at 12:15 PM, Eric Day wrote: > We'll also want to decide if we need a default mechanism for > OpenStack deployments, and if so, what should it be. We had a > discussion previously and I think it was somewhere between token > and HTTP basic w/ SSL. The reason for this is we nee

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

Original Message ---- Subject: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth) From: Ziad Sawalha mailto:z...@sawalha.com>> Date: Mon, April 18, 2011 4:42 am To: "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>" mailto:op

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

Looks good! I'm looking forward to the summit discussions. Beyond pluggable backends, I would make sure other layers remain pluggable as well (the auth mechanism, protocols to verify, etc). The use cases I have in mind are: * All common forms of HTTP auth. * OpenID, OAuth, and any other open initi

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

relatively easier and this will lower the barrier for enterprise adoption.    e)    IMHO, REST APIs over JSON would be a good choice for any North facing interfacesCheers Original Message Subject: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth) From: Ziad Sawalha

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

_ From: openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net [openstack-bounces+sandy.walsh=rackspace@lists.launchpad.net] on behalf of Ziad Sawalha [z...@sawalha.com] Sent: Monday, April 18, 2011 8:42 AM To: openstack@lists.launchpad.net Subject: [Openstack] Proposing an Identity Serv

[Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

Hi Everyone, For OpenStack to achieve the goal of being a "massively scalable cloud operating system", it needs a common approach to some of the problems that an "operating system"deals with such as Authentication (auth-n) and Authorization (auth-z). There has been much discussion on the topic