---
launchpad: keystone
release-model: cycle-with-rc
team: keystone
type: service
repository-settings:
  openstack/keystone: {}
releases:
  - projects:
      - hash: 1f1522703cfa25a533b7462aa402ac30128473e3
        repo: openstack/keystone
    version: 15.0.0.0rc1
  - projects:
      - hash: c78581b4608f3dc10e945d358963000f284f188a
        repo: openstack/keystone
    version: 15.0.0.0rc2
  - diff-start: 14.0.0.0rc1
    projects:
      - hash: c78581b4608f3dc10e945d358963000f284f188a
        repo: openstack/keystone
    version: 15.0.0
branches:
  - location: 15.0.0.0rc1
    name: stable/stein
cycle-highlights:
  - 'This release introduced Multi-Factor Authentication Receipts, which facilitates
    a much more natural sequential authentication flow when using MFA.'
  - 'The limits API now supports domains in addition to projects, so quota for resources
    can be allocated to top-level domains and distributed among children projects.'
  - 'JSON Web Tokens are added as a new token format alongside fernet tokens, enabling
    support for a internet-standard format. JSON Web Tokens are asymmetrically signed
    and so synchronizing private keys across keystone servers is no longer required
    with this token format.'
  - 'Multiple keystone APIs now support system scope as a policy target, which reduces
    the need for customized policies to prevent global access to users with an admin
    role on any project.'
  - 'Multiple keystone APIs now use default reader, member, and admin roles instead
    of a catch-all role, which reduces the need for customized policies to create
    read-only access for certain users.'
release-notes: https://docs.openstack.org/releasenotes/keystone/stein.html