Dear all, I would provide both PaaS and IaaS (Openstack) services, with two keystone services: one for the PaaS (Keystone PaaS) and the other one for the IaaS (Keystone IaaS).
In particular, I would Openstack system appear as a PaaS service towards PaaS's users, so that an user that authenticates against Keystone PaaS can use Openstack services too. So, I was thinking of using Keystones federation, so that: 1- PaaS's user authenticates against Keystone PaaS and receives a scoped token. 2- PaaS's user invokes openstack services by using the scoped token received from Keystone PaaS; 3- Openstack services validate the token against Keystone IaaS; 4- Keystone IaaS validate against Keystone PaaS Do you think this scenario is possible? I would be appreciate any further solutions you think I might implement. Best regards, Giuseppe
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev