External Authorization Integration in Swift [closed]

asked 2013-05-07 15:11:49 -0500

talfco gravatar image

Hi I'm a novice of OpenStack but evaluating it for a private cloud setup for sensitive personal data storage using swift ( unstructured sensitive customer data).

  • Now key point is the integration of our external authorization system. As far I understand the developer documentation the integration via the Auth System Node is possible.
  • It's for me not completely clear how the interception looks like after the system gave out a valid x-auth token with its expiry. 
  • Is my understanding correct that each of the subsequent user request to swift will be intercepted by the auth system, which could do now some enhanced access control checks.
  • In my use case we would have to provide in each request an additional identifier (unique client id) to the auth system ( will change from one call to the other), the auth system would have to check if the user requesting the data is allowed to see the data of this client (data entitlement). This request would be delegated to the external system.
edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2013-12-26 02:49:23.557956

1 answer

Sort by » oldest newest most voted

answered 2013-05-15 03:12:16 -0500

fifieldt gravatar image


Two options come to mind:

1) If your existing system is using LDAP or Active Directory, consider using the OpenStack Identity service backing on to this (http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-keystone-for-ldap-backend.html) - it integrates well with swift.

2) If you have a 'special' system that has its own API, you can write a small module to put in the swift pipeline to handle the authorisation decisions. You can find an example of how to develop a module in the OpenStack Operations Guide "Customize" chapter (http://docs.openstack.org/trunk/openstack-ops/content/customize.html)

edit flag offensive delete link more


thx for the links will dig into it

talfco gravatar imagetalfco ( 2013-05-15 14:51:29 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2013-05-07 15:11:49 -0500

Seen: 347 times

Last updated: May 15 '13