Abstract image of a woman sitting on books and studying on a laptop

What's new in Havana--Keystone

Mirantis, profile picture
Mirantis

Keystone in OpenStack Havana includes more granular role-based access control policies, the ability to assign roles via OAuth 1.0a and inherit domain roles from projects, a new group API, and separating projects and roles from authentication. It also allows for pluggable token generation and remote authentication through environment variables sent by web servers.

TechnologyBusiness
1 of 7
Downloaded 35 times
1
2
3
4
5
6
7
What’s New In OpenStack Havana Webcast October 2013
OpenStack Identity Service Keystone 36
Keystone Role-based Access Control (RBAC) •  More granular policies •  Can be based on aspects of the request such as API request parameters "identity:delete_user": [["role:admin", "domain_id:%(target.user.domain_id)s"]] 37
Keystone Role handling •  Assign roles via OAuth 1.0a •  Domain roles can be inherited from project •  Group API 38
Keystone Separate projects etc. from authentication •  Projects, roles, etc. follow “assignments” driver •  Users, groups, etc. follow “identity” driver •  Credentials follow “credentials” driver [identity] driver = keystone.identity.backends.ldap.Identity [assignment] driver = keystone.assignment.backends.sql.Assignment 39
Keystone Token generation •  Currently PKI or UUID •  Can now be pluggable •  keystone.token.provider.Provider interface can be custom implemented 40
Keystone Remote handling of authentication through REMOTE_USER •  Sent by the web server as an environment variable •  Can be disabled (remove "external" from plug-ins list) 41

More Related Content

PPTX
Secure your app with keycloak
Guy Marom
 
PDF
Secure Spring Boot Microservices with Keycloak
Red Hat Developers
 
PPTX
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
PPTX
Identity management and single sign on - how much flexibility
Ryan Dawson
 
PPTX
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
PDF
Foreman Single Sign-On Made Easy with Keycloak
Nikhil Kathole
 
PDF
JWTs in Java for CSRF and Microservices
Stormpath
 
PDF
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Hermann Burgmeier
 
Secure your app with keycloak
Guy Marom
 
Secure Spring Boot Microservices with Keycloak
Red Hat Developers
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Identity management and single sign on - how much flexibility
Ryan Dawson
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2
 
Foreman Single Sign-On Made Easy with Keycloak
Nikhil Kathole
 
JWTs in Java for CSRF and Microservices
Stormpath
 
Mixing OAuth 2.0, Jersey and Guice to Build an Ecosystem of Apps - JavaOne...
Hermann Burgmeier
 

What's hot (20)

PDF
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
PPTX
Identity Access and Management with Globus
Globus
 
PDF
Mobile Authentication for iOS Applications - Stormpath 101
Stormpath
 
PPTX
Building a document e-signing workflow with Azure Durable Functions
Joonas Westlin
 
PPTX
JWTs for CSRF and Microservices
Stormpath
 
PPTX
Presentation
Laxman Kumar
 
PPTX
Building Android, iOS and Windows 8 Apps with Windows Azure Mobile Services
Pranav Ainavolu
 
PPTX
Web API 2 Token Based Authentication
jeremysbrown
 
PDF
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2
 
PPTX
What's new in the July 2017 Update for Dynamics 365 - Developer features
Dynamics 365 Customer Engagement Professionals Netherlands (CEProNL)
 
PPTX
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
PPTX
OpenIDM 3.0 - What's New
ForgeRock
 
PPTX
SharePoint, ADFS and Claims Auth
Kashif Imran
 
PPTX
Intro to Apache Shiro
Claire Hunsaker
 
PPTX
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
DataArt
 
PPTX
Context Information Management in IoT enabled smart systems - the basics
Fernando Lopez Aguilar
 
PDF
Integrating Asset Bank with other systems
Asset Bank
 
PDF
ConFoo 2015 - Securing RESTful resources with OAuth2
Rodrigo Cândido da Silva
 
PPTX
Secure API Services in Node with Basic Auth and OAuth2
Stormpath
 
PPTX
Managing Protected and Controlled Data with Globus
Globus
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
Identity Access and Management with Globus
Globus
 
Mobile Authentication for iOS Applications - Stormpath 101
Stormpath
 
Building a document e-signing workflow with Azure Durable Functions
Joonas Westlin
 
JWTs for CSRF and Microservices
Stormpath
 
Presentation
Laxman Kumar
 
Building Android, iOS and Windows 8 Apps with Windows Azure Mobile Services
Pranav Ainavolu
 
Web API 2 Token Based Authentication
jeremysbrown
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2
 
What's new in the July 2017 Update for Dynamics 365 - Developer features
Dynamics 365 Customer Engagement Professionals Netherlands (CEProNL)
 
ApacheCon 2014: Infinite Session Clustering with Apache Shiro & Cassandra
DataStax Academy
 
OpenIDM 3.0 - What's New
ForgeRock
 
SharePoint, ADFS and Claims Auth
Kashif Imran
 
Intro to Apache Shiro
Claire Hunsaker
 
Антон Бойко (Microsoft Azure MVP, Ukrainian Azure Community Founder) «Azure M...
DataArt
 
Context Information Management in IoT enabled smart systems - the basics
Fernando Lopez Aguilar
 
Integrating Asset Bank with other systems
Asset Bank
 
ConFoo 2015 - Securing RESTful resources with OAuth2
Rodrigo Cândido da Silva
 
Secure API Services in Node with Basic Auth and OAuth2
Stormpath
 
Managing Protected and Controlled Data with Globus
Globus
 
Ad

Similar to What's new in Havana--Keystone (20)

PPTX
Building IAM for OpenStack
Steve Martinelli
 
PPTX
OpenStack Keystone
Deepti Ramakrishna
 
PPTX
OpenStack Toronto Meetup - Keystone 101
Steve Martinelli
 
PPTX
Keystone - Openstack Identity Service
Prasad Mukhedkar
 
PDF
CIS 2015- Building IAM for OpenStack- Steve Martinelli
CloudIDSummit
 
PDF
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
PDF
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
PDF
OpenStack keystone identity service
openstackindia
 
PPTX
Aptira presents OpenStack keystone identity service
OpenStack
 
PPTX
OpenStack Summit Berlin - Keystone Project On-boarding
Lance Bragstad
 
PPTX
Identity service keystone ppt
university of Gujrat, pakistan
 
PDF
Open stack identity project update (havana) (1)
Dolph Mathews
 
PPTX
Identity in Openstack Icehouse
David Waite
 
PPTX
OpenStack GDL : Hacking keystone | 20 Octubre 2014
Victor Morales
 
PPTX
OpenStack Keystone Stein Project Update
Lance Bragstad
 
PDF
CIS14: Identity in OpenStack Icehouse
CloudIDSummit
 
PDF
CIS13: OpenStack API Security
CloudIDSummit
 
PPTX
Keystone Project Onboarding
Lance Bragstad
 
ODP
OpenStack Keystone Rocky Project Update
Lance Bragstad
 
PDF
Keystone deep dive 1
Jsonr4
 
Building IAM for OpenStack
Steve Martinelli
 
OpenStack Keystone
Deepti Ramakrishna
 
OpenStack Toronto Meetup - Keystone 101
Steve Martinelli
 
Keystone - Openstack Identity Service
Prasad Mukhedkar
 
CIS 2015- Building IAM for OpenStack- Steve Martinelli
CloudIDSummit
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
OpenStack keystone identity service
openstackindia
 
Aptira presents OpenStack keystone identity service
OpenStack
 
OpenStack Summit Berlin - Keystone Project On-boarding
Lance Bragstad
 
Identity service keystone ppt
university of Gujrat, pakistan
 
Open stack identity project update (havana) (1)
Dolph Mathews
 
Identity in Openstack Icehouse
David Waite
 
OpenStack GDL : Hacking keystone | 20 Octubre 2014
Victor Morales
 
OpenStack Keystone Stein Project Update
Lance Bragstad
 
CIS14: Identity in OpenStack Icehouse
CloudIDSummit
 
CIS13: OpenStack API Security
CloudIDSummit
 
Keystone Project Onboarding
Lance Bragstad
 
OpenStack Keystone Rocky Project Update
Lance Bragstad
 
Keystone deep dive 1
Jsonr4
 
Ad

More from Mirantis (20)

PDF
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
Mirantis
 
PDF
Kubernetes Security Workshop
Mirantis
 
PDF
Using Kubernetes to make cellular data plans cheaper for 50M users
Mirantis
 
PDF
How to Build a Basic Edge Cloud
Mirantis
 
PDF
Securing Your Containers is Not Enough: How to Encrypt Container Data
Mirantis
 
PDF
What's New in Kubernetes 1.18 Webinar Slides
Mirantis
 
PDF
Comparison of Current Service Mesh Architectures
Mirantis
 
PDF
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Mirantis
 
PDF
Demystifying Cloud Security Compliance
Mirantis
 
PDF
Mirantis life
Mirantis
 
PDF
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
Mirantis
 
PDF
Boris Renski: OpenStack Summit Keynote Austin 2016
Mirantis
 
PPTX
Digital Disciplines: Attaining Market Leadership through the Cloud
Mirantis
 
PPTX
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Mirantis
 
PPTX
OpenStack: Changing the Face of Service Delivery
Mirantis
 
PPTX
Accelerating the Next 10,000 Clouds
Mirantis
 
PPTX
Containers for the Enterprise: It's Not That Simple
Mirantis
 
PPTX
Protecting Yourself from the Container Shakeout
Mirantis
 
PPTX
It's Not the Technology, It's You
Mirantis
 
PDF
OpenStack as the Platform for Innovation
Mirantis
 
How to Accelerate Your Application Delivery Process on Top of Kubernetes Usin...
Mirantis
 
Kubernetes Security Workshop
Mirantis
 
Using Kubernetes to make cellular data plans cheaper for 50M users
Mirantis
 
How to Build a Basic Edge Cloud
Mirantis
 
Securing Your Containers is Not Enough: How to Encrypt Container Data
Mirantis
 
What's New in Kubernetes 1.18 Webinar Slides
Mirantis
 
Comparison of Current Service Mesh Architectures
Mirantis
 
Your Application Deserves Better than Kubernetes Ingress: Istio vs. Kubernetes
Mirantis
 
Demystifying Cloud Security Compliance
Mirantis
 
Mirantis life
Mirantis
 
OpenStack and the IoT: Where we are, where we're going, what we need to get t...
Mirantis
 
Boris Renski: OpenStack Summit Keynote Austin 2016
Mirantis
 
Digital Disciplines: Attaining Market Leadership through the Cloud
Mirantis
 
Decomposing Lithium's Monolith with Kubernetes and OpenStack
Mirantis
 
OpenStack: Changing the Face of Service Delivery
Mirantis
 
Accelerating the Next 10,000 Clouds
Mirantis
 
Containers for the Enterprise: It's Not That Simple
Mirantis
 
Protecting Yourself from the Container Shakeout
Mirantis
 
It's Not the Technology, It's You
Mirantis
 
OpenStack as the Platform for Innovation
Mirantis
 

Recently uploaded (20)

PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PDF
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
PDF
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PPTX
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
PDF
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
PDF
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PDF
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
Principled Technologies
 
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
Michael Weaver
 
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
4 layer Arch & Reference Arch of IoT.pdf
sendilkumar66
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Flame analysis and combustion estimation using large language and vision assi...
IAESIJAI
 
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
“A New Era of 3D Sensing: Transforming Industries and Creating Opportunities,...
Edge AI and Vision Alliance
 

What's new in Havana--Keystone