VS OS MOD4 Identity
[Diagram: Domain, Project, Group, User, Network, Volume, Container, … linked with multiplicities (1, 1..n, 0..n); one relation is labelled "owns"]
EMC CONFIDENTIAL—INTERNAL USE ONLY 6
BASIC CONCEPTS: IDENTITY & ROLES
• Users: represent basic API consumers and belong to a domain. Many
[Diagram: Domain and User, multiplicities 1 and 0..n]
Source: http://docs.openstack.org/developer/keystonemiddleware/audit.html
OPTIONAL: KEYSTONE FEDERATION
• Keystone can be configured as a Service Provider that trusts identity
properties issued by an external Identity Provider that manages users
and groups (e.g. SAML, OpenID)
• Keystone can also serve as an Identity Provider to federate
multiple Keystone deployments in different clouds
– Cloud1 token -> SAML assertions -> Cloud2 token