---
launchpad: keystone
release-model: cycle-with-rc
team: keystone
type: service
repository-settings:
  openstack/keystone: {}
releases:
  - projects:
      - hash: 1f1522703cfa25a533b7462aa402ac30128473e3
        repo: openstack/keystone
    version: 15.0.0.0rc1
  - projects:
      - hash: c78581b4608f3dc10e945d358963000f284f188a
        repo: openstack/keystone
    version: 15.0.0.0rc2
  - diff-start: 14.0.0.0rc1
    projects:
      - hash: c78581b4608f3dc10e945d358963000f284f188a
        repo: openstack/keystone
    version: 15.0.0
branches:
  - location: 15.0.0.0rc1
    name: stable/stein
cycle-highlights:
  - This release introduced Multi-Factor Authentication Receipts, which
    facilitates a much more natural sequential authentication flow when
    using MFA.
  - The limits API now supports domains in addition to projects, so
    quota for resources can be allocated to top-level domains and distributed
    among children projects.
  - JSON Web Tokens are added as a new token format alongside fernet
    tokens, enabling support for a internet-standard format. JSON Web
    Tokens are asymmetrically signed and so synchronizing private keys
    across keystone servers is no longer required with this token format.
  - Multiple keystone APIs now support system scope as a policy target,
    which reduces the need for customized policies to prevent global
    access to users with an admin role on any project.
  - Multiple keystone APIs now use default reader, member, and admin
    roles instead of a catch-all role, which reduces the need for customized
    policies to create read-only access for certain users.
release-notes: https://docs.openstack.org/releasenotes/keystone/stein.html