OpenStack Security
openstackindia
1.
IBM Security Systems
OpenStack Security
Sreekanth Iyer, Executive IT Architect, IBM Security Systems
© 2013 IBM Corporation
2.
OpenStack - Core Projects / Components
Compute (Nova) - Provision and manage virtual machines
Dashboard (Horizon) - Self-service portal
Image (Glance) - Catalog and manage server images
Identity (Keystone) - Unified authentication, integrates with existing systems
Object Storage (Swift) - Petabytes of secure, reliable object storage
Source: http://ken.pepple.info/openstack/2012/02/21/revisit-openstack-architecture-diablo/
3.
Keystone (Identity Service) offers project-wide identity, token, service catalog, and policy services designed to integrate with existing systems.
Core Use Cases:
• Authenticate user / password requests against multiple backends (SQL, LDAP, etc.) (Identity Service)
• Validate / manage tokens used after initial username/password verification (Token Service)
• Endpoint registry of available services (Service Catalog)
• Authorize API requests (Policy Service)
Key Capabilities:
• User / Tenant model with Role-Based Access Control
• Policy service provides a rule-based authorization engine and the associated rule management interface
• Each service configured to serve data from a pluggable backend (Key-Value, SQL, PAM, LDAP, Templates)
• REST-based APIs
4.
Basic Concepts
The Identity service has two primary functions:
- User management: keep track of users and what they are permitted to do
- Service catalog: provide a catalog of what services are available and where their API endpoints are located
5.
Identity Service - Key terms
User
A digital representation of a person, system, or service. Users have a login and may be assigned tokens to access resources. Users may be directly assigned to a particular tenant.
Credentials
Data that belongs to, is owned by, and is generally only known by a user, which the user can present to prove they are who they are, for example username/password.
Authentication
Validate the user's claims, such as a set of credentials (username and password, or username and API key). After initial confirmation, Keystone will issue the user a token which the user can then provide to demonstrate that their identity has been authenticated when making subsequent requests.
Token
A token is an arbitrary bit of text that is used to access resources; it is valid for a finite duration and can be revoked at any time.
Tenant
A container used to group or isolate resources and/or identity objects. Depending on the service operator, a tenant may map to a customer, account, organization, or project.
Service
An OpenStack service, such as Compute (Nova), Object Storage (Swift), or Image Service (Glance). A service provides one or more endpoints through which users can access resources and perform (presumably useful) operations.
Endpoint
A network-accessible address, usually described by a URL, where a service may be accessed.
Role
A personality that a user assumes when performing a specific set of operations. A role includes a set of rights and privileges.
Source: http://docs.openstack.org/api/openstack-identity-service/2.0/content/identity-dev-guide-2.0.pdf
6.
Identity Service - Key Concepts
Identity Management
Tenant -> User -> [ Credential | Token | Role ]
Tenants have Users. Users can belong to many tenants. Users authenticate using a Credential and get a time-scoped Token. Tenant + User pairs can have many roles.
Service "Catalog"
Service -> Endpoint
Services (e.g. Compute, Object Storage, Image Service) have many Endpoints. Endpoints are typically a URL + where it is accessible from (e.g. internal, public).
RBAC
OpenStack has a configurable RBAC system that can be used to customize API access by Role. A Role is given to a user in Keystone. The API access is defined by a policy.json file that is specific to each project (Nova example).
In Keystone, a token that is issued to a user includes the list of roles that user can assume. Services that are being called by that user determine how they interpret the set of roles a user has and which operations or resources each role grants access to.
7.
Keystone Workflow
http://docs.openstack.org/trunk/openstack-compute/admin/content/keystone-concepts.html
8.
Configuring Services to work with Keystone
Once Keystone is installed and running, services need to be configured to work with it. In general:
- Clients making calls to the service will pass in an authentication token.
- The Keystone middleware will look for and validate that token, taking the appropriate action.
- It will also retrieve additional information from the token such as user name, id, tenant name, id, roles, etc.
- The middleware will pass those data down to the service as headers.
Keystone Auth-Token Middleware
The Keystone auth_token middleware is a WSGI component that can be inserted in the WSGI pipeline to handle authenticating tokens with Keystone.
Configuring Keystone for an LDAP backend
It is possible to connect an LDAP backend with the Identity service Keystone.
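The token-validation flow on this slide and the role check from the RBAC notes on slide 6, as an added Python sketch (not code from the slides or from Keystone). The token table, the `AuthTokenSketch` class, the policy entries and the routes are constructed stand-ins; the `X-*` header names are modeled on those the auth_token middleware passes to services.

```python
NOW = 1_700_000_000  # fixed clock so the example is deterministic

def _tok(user, roles, expires=NOW + 3600, revoked=False):
    return {"user_id": "id-" + user, "user_name": user, "tenant_id": "t-demo",
            "tenant_name": "demo", "roles": roles, "expires": expires,
            "revoked": revoked}

# Constructed sample tokens; a real deployment asks Keystone instead.
TOKENS = {
    "tok-admin": _tok("alice", ["admin", "member"]),
    "tok-member": _tok("bob", ["member"]),
    "tok-expired": _tok("carol", ["admin"], expires=NOW - 1),
    "tok-revoked": _tok("dave", ["admin"], revoked=True),
}

def validate(token, now=NOW):
    """Return token data if the token is known, unexpired and not revoked."""
    info = TOKENS.get(token)
    if info is None or info["revoked"] or info["expires"] <= now:
        return None
    return info

IDENTITY_KEYS = ("HTTP_X_IDENTITY_STATUS", "HTTP_X_USER_ID", "HTTP_X_USER_NAME",
                 "HTTP_X_TENANT_ID", "HTTP_X_TENANT_NAME", "HTTP_X_ROLES")

class AuthTokenSketch:
    """WSGI filter: validate X-Auth-Token, then pass identity down as headers."""
    def __init__(self, app, validator=validate):
        self.app, self.validator = app, validator

    def __call__(self, environ, start_response):
        # Drop identity headers sent by the client; only this filter may set them.
        for key in IDENTITY_KEYS:
            environ.pop(key, None)
        info = self.validator(environ.get("HTTP_X_AUTH_TOKEN"))
        if info is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"invalid or missing token\n"]
        environ.update({
            "HTTP_X_IDENTITY_STATUS": "Confirmed",
            "HTTP_X_USER_ID": info["user_id"],
            "HTTP_X_USER_NAME": info["user_name"],
            "HTTP_X_TENANT_ID": info["tenant_id"],
            "HTTP_X_TENANT_NAME": info["tenant_name"],
            "HTTP_X_ROLES": ",".join(info["roles"]),
        })
        return self.app(environ, start_response)

# Simplified stand-in for a per-service policy.json: action -> roles allowed.
POLICY = {"servers:list": {"admin", "member"}, "servers:delete": {"admin"}}
ROUTES = {("GET", "/servers"): "servers:list",
          ("DELETE", "/servers"): "servers:delete"}

def service(environ, start_response):
    """The service decides what each role may do, using the forwarded headers."""
    action = ROUTES.get((environ["REQUEST_METHOD"], environ["PATH_INFO"]))
    roles = set(filter(None, environ.get("HTTP_X_ROLES", "").split(",")))
    if action is None:
        status = "404 Not Found"
    elif roles & POLICY[action]:
        status = "200 OK"
    else:
        status = "403 Forbidden"
    start_response(status, [("Content-Type", "text/plain")])
    return [f"{status} user={environ.get('HTTP_X_USER_NAME')}\n".encode()]

def call(method, path, token=None, client_roles_header=None):
    """Send one request through the filter and service; return (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if token:
        environ["HTTP_X_AUTH_TOKEN"] = token
    if client_roles_header:
        environ["HTTP_X_ROLES"] = client_roles_header
    seen = []
    body = AuthTokenSketch(service)(environ, lambda s, h: seen.append(s))
    return seen[0], b"".join(body).decode()
```

The service never sees the token itself, only the identity headers, which is why the filter has to discard any such headers arriving from the client before it sets its own.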
9.
Keystone APIs
- Token Operations
- User Operations
- Tenant Operations
10.
Keystone - Observations & Enhancements
Integration with enterprise security systems
Support for Security Standards & Federation
- Need to support external services for Authentication and Authorization, i.e. OAuth, SAML and OpenID
Audit, Compliance & Governance
- Current logging mostly focused on debugging and monitoring; need an automated way to provide audit and assessment data
Scalability and Performance
- Need to scale and perform for enterprise-grade deployments
Support for Multi-tenancy & Keystone Domains