Add Domain Support in Barbican
Registered by Jeff Feng
This effort adds support for the domain concept in Barbican. Domains in Keystone V3 provide isolation between sets of projects and users. The same kind of isolation is needed when Barbican uses Keystone V3 as its identity provider service.
With domain support, Barbican can support domain-specific HSM or KMIP configuration, so that secrets belonging to projects in different domains can be protected by different master keys or even by different mechanisms. In the KMIP case, different KMIP servers can be used for different domains.
By default, the current single-HSM or single-KMIP configuration can continue to be used.
The alternative is to deploy a domain-specific Barbican service for each domain that wants its own HSM/KMIP service backend.
Blueprint information
- Status: Not started
- Approver: None
- Priority: Undefined
- Drafter: Jeff Feng
- Direction: Needs approval
- Assignee: None
- Definition: New
- Series goal: None
- Implementation: Unknown
- Milestone target: None