Identity, Authentication, and Access Management in OpenStack: Implementing and Deploying Keystone

Steve Martinelli & Henry Nash & Brad Topol

Language: English

Publisher: O'Reilly Media

Published: Jan 5, 2016

Description:

Keystone―OpenStack's Identity service―provides secure, controlled access to a cloud's resources. In OpenStack environments, Keystone performs many vital functions, such as authenticating users and determining what resources users are authorized to access.

Whether the cloud is private, public, or dedicated, access to cloud resources and security is essential. This practical guide to using Keystone provides detailed, step-by-step guidance to creating a secure cloud environment at the Infrastructure-as-a-Service layer―as well as key practices for safeguarding your cloud's ongoing security.

  • Learn about Keystone's fundamental capabilities for providing Identity, Authentication, and Access Management
  • Perform basic Keystone operations, using concrete examples and the latest version (v3) of Keystone's Identity API
  • Understand Keystone's unique support for multiple token formats, including how it has evolved over time
  • Get an in-depth explanation of Keystone's LDAP support and how to configure Keystone to integrate with LDAP
  • Learn about one of Keystone's most sought-after features―support for federated identity

About the Author

Steve Martinelli is an OpenStack Active Technical Contributor and a Keystone Core Contributor. He primarily focuses on enabling Keystone, which is OpenStack's Identity Manager, to better integrate into enterprise environments. Steve was responsible for adding Federated Identity and OAuth support to Keystone and was one of the leading contributors to Keystone-to-Keystone federation support for interoperable hybrid cloud enablement. In his spare time he also contributes to OpenStackClient, pyCADF, and oslo.policy and is a core contributor in each of these projects. Steve received his B.A.Sc. in Computer Engineering from York University.

Henry works in IBM's Cloud division as an OpenStack Architect and a core contributor to OpenStack Keystone, driving enterprise capabilities into OpenStack as well as IBM's products that use OpenStack. He has a long history of developing enterprise software, graphics and communication systems as well as nanotechnology, having founded numerous successful companies in Europe and the USA, finally coming to IBM via acquisition in 2009. He holds a 1st class honors degree in Electrical Engineering from the University of Southampton, UK.

Dr. Brad Topol is an IBM Distinguished Engineer in the IBM Cloud Architecture and Technology organization. In his current role, Brad leads a development team focused on contributing to and improving OpenStack and he has cross-IBM responsibility for coordinating its contributions to OpenStack. Brad is an OpenStack core contributor to Keystone-Specs, Pycadf, and Heat-Translator and has personally contributed to multiple OpenStack projects including Keystone, Pycadf, Heat-Translator, and DevStack. He received a Ph.D. in Computer Science from the Georgia Institute of Technology in 1998.