Federated Identity & Federated Service Provider Support for OpenStack Clouds
One of the highly-sung benefits to choosing an OpenStack provider is the promise of portability. Users want to be confident that the tools they are using and the status events they anticipate are interoperable across all OpenStack providers. So if one cloud service provider is deemed better than another for a certain type of workload, it can be moved without change to the clients, the monitoring, or even the user interface. This uniformity creates the look & feel of a cloud of clouds.
For large enterprises, the more control they have over the authentication and authorization functions across multiple vendors and systems, the more access governance and auditing they can do. When an employee leaves a company, it could be detrimental to inadvertently leave their access intact. When a new employee is hired, they shouldn't have to climb over the hurdles of red tape-laden processes in order to access the critical systems they need to do their job. In Icehouse, thanks in large part to CERN, IBM, Rackspace, RedHat, and the University of Kent, identity federation took a foothold. Now, companies can resume control of the authentication process prior to enabling access to an OpenStack cloud.
However, identity federation is only 1/2 of the equation. To access the portability benefits that a cloud of clouds offers, companies need to be able to specify which OpenStack clouds to trust and which ones not to trust. This session will hone in on service provider federation and explain how enterprises can identify trust-based relationships to implement federation solutions.
IBM Software Developer (Keystone Core), IBM Canada Ltd.
Steve Martinelli is an OpenStack Active Technical Contributor and a Keystone Core Developer. He primarirly focuses on enabling Keystone to better integrate into enterprise environments. Steve was responsible for adding OAuth support to Keystone and is currently adding Federated Identity support to Keystone. In his spare time he also contributes to OpenStackClient as a Core Developer. Steve received his B.ASc. in Computer Engineering from York University.
Rackspace Identity Product Manager
Joe Savak has been a Racker for over two years, and is passionately working to bring authentication and authorization features to customers. He enjoys building computers and getting his son involved in new technologies.
IBM Distinguished Engineer, OpenStack, IBM
Dr. Brad Topol is an IBM Distinguished Engineer in the SWG Open Technologies Strategy organization. In his current role, Brad leads a development team focused on contributing to and improving OpenStack and he has cross-IBM responsibility for coordinating its contributions to OpenStack. Brad is an OpenStack Active Technical Contributor and has personally contributed to multiple OpenStack projects including Keystone and DevStack. Over the years, Brad has been involved in advanced technology... Read More →
Rackspace Principal Architect
Thursday May 15, 2014 9:50am - 10:30am
Attendance numbers do not account for private attendees. Get there early!
Remove this from your schedule?
This session is full and you may not be able to get back in.