openstack-manuals/doc/common-rst/get_started_identity.rst
Brian Moss 107ddb1a65 Update Identity service intro and concepts
Updates Identity service information in the
Get Started with OpenStack chapter and moves
Identity concepts information to the Identity
Management chapter.

Change-Id: Icdffc456a258cc16a2ced8743897f8c647b997b9
Closes-Bug: #1239308
2015-08-27 12:04:18 +10:00

47 lines
1.9 KiB
ReStructuredText

==================
OpenStack Identity
==================
The OpenStack :term:`Identity service <Identity>` provides a single point of
integration for managing authentication, authorization, and service catalog
services. Other OpenStack services use the Identity service as a common
unified API. Additionally, services that provide information about users
but that are not included in OpenStack (such as LDAP services) can be
integrated into a pre-existing infrastructure.
In order to benefit from the Identity service, other OpenStack services need to
collaborate with it. When an OpenStack service receives a request from a user,
it checks with the Identity service whether the user is authorized to make the
request.
The Identity service contains these components:
Server
A centralized server provides authentication and authorization
services using a RESTful interface.
Drivers
Drivers or a service back end are integrated to the centralized
server, and are used for accessing identity information in
repositories, external to OpenStack, and maybe already existing in
the infrastructure where OpenStack is deployed (for example, SQL
databases or LDAP servers).
Modules
Middleware modules run in the address space of the OpenStack
component that is using the Identity service. These modules
intercept service requests, extract user credentials, and send them
to the centralized server for authorization. The integration between
the middleware modules and OpenStack components uses the Python Web
Server Gateway Interface.
When installing OpenStack Identity service, you must register each
service in your OpenStack installation. Identity service can then track
which OpenStack services are installed, and where they are located on
the network.
The following diagram shows the OpenStack Identity process flow:
.. image:: figures/SCH_5002_V00_NUAC-Keystone.png
:alt: OpenStack Identity process flow