--- launchpad: keystone release-model: cycle-with-rc team: keystone type: service repository-settings: openstack/keystone: {} releases: - projects: - hash: 1f1522703cfa25a533b7462aa402ac30128473e3 repo: openstack/keystone version: 15.0.0.0rc1 - projects: - hash: c78581b4608f3dc10e945d358963000f284f188a repo: openstack/keystone version: 15.0.0.0rc2 - diff-start: 14.0.0.0rc1 projects: - hash: c78581b4608f3dc10e945d358963000f284f188a repo: openstack/keystone version: 15.0.0 - version: 15.0.1 projects: - repo: openstack/keystone hash: 95b2bbeab113d9f04d1c81f7f1b48bf692bce979 - version: stein-em projects: - repo: openstack/keystone hash: 95b2bbeab113d9f04d1c81f7f1b48bf692bce979 - version: stein-eol projects: - repo: openstack/keystone hash: 1d9baa62ac4c3df8ef998d7c331deedece123123 branches: - location: 15.0.0.0rc1 name: stable/stein cycle-highlights: - This release introduced Multi-Factor Authentication Receipts, which facilitates a much more natural sequential authentication flow when using MFA. - The limits API now supports domains in addition to projects, so quota for resources can be allocated to top-level domains and distributed among children projects. - JSON Web Tokens are added as a new token format alongside fernet tokens, enabling support for a internet-standard format. JSON Web Tokens are asymmetrically signed and so synchronizing private keys across keystone servers is no longer required with this token format. - Multiple keystone APIs now support system scope as a policy target, which reduces the need for customized policies to prevent global access to users with an admin role on any project. - Multiple keystone APIs now use default reader, member, and admin roles instead of a catch-all role, which reduces the need for customized policies to create read-only access for certain users. release-notes: https://docs.openstack.org/releasenotes/keystone/stein.html