Once again it is time to brain dump the things I want to make happen in the next release of Open Stack.
- External Authentication: Make it so we can use the Web servers authentication mechanism to log in to Keystone, as opposed to requiring UserId/Password in a JSON document
- Make it possible to enable basic authentication in Eventlet used for Keystone
- Promote HTML to a first class citizen: Navigation throughout the Keystone server should be possible via browser, using Hyperlinks. All pages for V3 API should responds with HTML unless a specific content type is requested.
- Keystone Federation: I am more than happy to surrender this task, as there seem to be many people interested, but we have to make sure the solution works for all interested parties.
- TLS/LDAPS support
- Pass through authentication to a corporate LDAP server
- Refactor the authentication code that is used in service.py and elsewhere.
- Investigate the performance aspects of PKI tokens versus UUID Tokens.
- Perform the OpenSSL operations for PKI without forking
- Simplify the deployment of auth_token middleware.
This is my list as I see it right now. We have a lot of planning to do in the next couple of months that will prioritize these items, and also add/delete items from this list.
(I accidentally posted a very short draft of the post before. My apologies for the unnecessary traffic.)