We need a way to link users and services to the X509 certificates that
sign messages from them. The most immediate need is to have multiple
Keystone servers with their own signing certs, but the RPC mechanism
also will need PKI message signing.
Please read and contribute to the Spec for the blueprint; it is really
just a skeleton for now.
https://blueprints.launchpad.net/keystone/+spec/x509subjects
Direct link to Spec:
https://wiki.openstack.org/wiki/Keystone/X509Subjects
This will be served by the existing certificate API:
https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-simple-certs-ext.md
Note that the BP makes no statements about how the certificates are
signed or approved, merely how they are distributed.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev