vmware driver support for VMware SSO
This is part of the overall discussion of security authN/authZ strategies cataloged here:
https:/
The current driver stores usernames and passwords in plain text. The VMware vSphere and vCenter products have their own SSO system. At the driver level, we should allow a customer to optionally configure the SSO keys and tokens so that they do not have to store the password in plain text on their nova-compute node.
Areas to consider:
* keystone integration with AD plus vCenter integration with AD may solve some user related issues
* keystone integration with vCenter SSO?
* vCenter SSO integration with Keystone?
* can we use long running HoK tokens or other non-password based tokens for authentication?
This may be important to implementing the feature:
https:/
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Shawn Hartsock
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Drafting
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
NOTE: Collaboration and coordination with:
* https:/
* https:/
It seems like this is still in the design phase. It's not clear what the proposed work is for Nova, so it's premature to approve it for now. Please change the status to "Pending Approval" when you feel it's ready for blueprint review, though. --russellb
NOTE: Collaboration and coordination with:
* https:/
* https:/
It seems like this is still in the design phase. It's not clear what the proposed work is for Nova, so it's premature to approve it for now. Please change the status to "Pending Approval" when you feel it's ready for blueprint review, though. --russellb
Marking this blueprint as definition: Drafting. If you are still working on this, please re-submit via nova-specs. If not, please mark as obsolete, and add a quick comment to describe why. --johnthetubaguy (20th April 2014)
