One of the core tenets of The Cloud is application-driven, self-service infrastructure management. Until now, OpenStack's system for managing access control has fundamentally hindered a true self-service user experience and required users to file tickets with their administrators in order to get their applications the access they need to do work. With the introduction of access rules for keystone application credentials, we can finally empower OpenStack users to take full control over their own cloud-native applications by delegating a minimal set of permissions to their applications without the need for operator interference.
In this talk, attendees will learn about the evolution of this new access control system in OpenStack keystone, how it works in tandem with the current policy system in OpenStack, and how it compares with other authorization models like OAuth2, AWS IAM, or Istio Authorization. Attendees will gain an understanding of how the keystone project is transitioning away from being only a user-centric service and why it is so important to start thinking in terms of application-driven workloads.