OpenStack Identity (Keystone) Specifications
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Zuul 2d4dd7fb7d Merge "[ussuri][goal] Drop python 2.7 support" 1 week ago
attic Move SP endpoint filters spec to attic 9 months ago
doc/source Repropose federated attributes in the user API for Ussuri 2 months ago
specs Merge "Repropose Expiring Group Membership for Ussuri" 3 weeks ago
superseded add a README file to the superseded spec folder 3 years ago
tests Add a new section that lists implemented specs for middleware 5 years ago
.gitignore Switch to stestr 1 year ago
.gitreview OpenDev Migration Patch 10 months ago
.stestr.conf Switch to stestr 1 year ago
.zuul.yaml [ussuri][goal] Drop python 2.7 support 1 month ago
LICENSE Initial Commit for Identity-specs repo 5 years ago
README.rst Update links in README 1 year ago
requirements.txt [ussuri][goal] Drop python 2.7 support 1 month ago
setup.cfg Add Python 3 Train unit tests 7 months ago Updated from global requirements 5 years ago
tox.ini [ussuri][goal] Drop python 2.7 support 1 month ago


Team and repository tags


OpenStack Identity Specifications

This git repository is used to hold approved design specifications for additions to the Keystone project. Reviews of the specs are done in gerrit, using a similar workflow to how we review and merge changes to the code itself.

The layout of this repository for Keystone specifications is:


The layout of this repository for Keystone Client is:


When a release of Keystone Client is cut, the implemented blueprints will be moved to a directory specific to that release:


You can find an example spec in specs/template.rst.

For specifications that have been reviewed and approved but have not been implemented:


Specifications in this directory indicate the original author has either become unavailable, or has indicated that they are not going to implement the specification. The specifications found here are available as projects for people looking to get involved with Keystone. If you are interested in claiming a spec, start by posting a review for the specification that moves it from this directory to the next active release. Please set yourself as the new primary assignee and maintain the original author in the other contributors list.

Specifications are proposed for a given release by adding them to the specs/<release> directory and posting it for review. Not all approved blueprints will get fully implemented. The implementation status of a blueprint for a given release can be found by looking at the blueprint in Launchpad:<blueprint-name>


Specifications not accepted by the second milestone of a release will not be targeted for that release without an explicit exception granted. To request an exception, send an email to the developer mailing list with the details of the specification, why it should be accepted after the deadline, and any supporting documentation (e.g. proof of concept code) that will indicate to the core team it will be completed before feature freeze.

Incomplete specifications have to be re-proposed for every release. The review may be quick, but even if something was previously approved, it should be re-reviewed to make sure it still makes sense as written.

Prior to the Juno development cycle, this repository was not used for spec reviews. Reviews prior to Juno were completed entirely through Launchpad blueprints:

Please note, Launchpad blueprints are still used for tracking the current status of blueprints. For more information, see:

For more information about working with gerrit, see:

To validate that the specification is syntactically correct (i.e. get more confidence in the Jenkins result), please execute the following command:

$ tox

After running tox, the documentation will be available for viewing in HTML format in the doc/build/ directory.