OpenStack Keystone hackathon outcomes for Juno

Keystone's OpenStack Juno Hackathon in San Antonio, TX (summer 2014) was certainly a productive one.

In total, we had 20 Keystone community members in attendance, including 8 core reviewers. We collaboratively revised and merged 5 feature proposals to openstack/keystone-specs, along with 25 additional patches across the identity program's 5 repositories (plus a handful of commits to projects like Tempest and DevStack). For bonus points, we also promoted 1 community member, Lance Bragstad (lbragstad), to be a keystone-core reviewer (congratulations!).

Prominent discussion topics included:

  • A federated workflow for Horizon
  • A workflow for handling unscoped tokens in Horizon
  • How Barbican (among other projects) can and should consume Keystone notifications (project deletion events, specifically)
  • How Keystone should store IdP public keys
  • How Barbican should handle endpoint versioning and discovery
  • How the community wants to document and propose API impact moving forward (openstack/identity-api versus openstack/keystone-specs)
  • Simplifying the openstack/keystone-specs process
  • Keystone-to-keystone federation
  • Our path toward non-persistent tokens
  • x509-based client authentication
  • Consuming revocation events

If you want to dig into the gritty details, you're welcome to review our discussion notes on Etherpad.