Hi stackers,

I would like to suggest a very simple idea: splitting the authentication
part out of Keystone into a separate project.

Such a change has 2 positive outcomes:
1) It will be quite simple to create a scalable service with high performance
for authentication based on very mature projects like Kerberos[1] and
OpenLDAP[2].

2) This will reduce the scope of Keystone, which means 2 things:
2.1) A smaller code base that has fewer issues and is simpler to test
2.2) The Keystone team would be able to concentrate more on fixing
perf/scalability issues of authorization, which is crucial at the moment
for large clouds.

Thoughts?

[1] http://web.mit.edu/kerberos/
[2] http://ldapcon.org/2011/downloads/hummel-slides.pdf

Best regards,
Boris Pavlovic
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)