Ask Your Question

Revision history [back]

Authentication and Authorization for Quantum

We know that for the latest Quantum Folsom version, the Keystone is enabled by default as the Authentication and Authorization service for Quantum. I am right now investigating other alternatives for Authentication and Authorization if we do not use Keystone.

We also know that we can use both the Quantum CLI tool and HTTP REST API to do the same things with Quantum(Quantum CLI tool in fact a wrapper to call HTTP REST API). Therefore, if I disable the Keystone from the Quantum configuration file but still want to equip Quantum with user Authentication and Authorization, I know that I can act as the ADMIN role with Quantum CLI tool to use Quantum on behalf of all other users with some existing authentication alternatives such as PAM. By using PAM, we can control the access of the ADMIN user with use of Quantum CLI tool. However, if we want to use the HTTP REST API directly, I have no idea right now of how to do the Authentication for each user from the REST call.

For Authorization, I have not gotten the chance to have an investigation of what other alternatives can be used for Quantum, either using Quantum CLI tool or using HTTP REST API directly, if we will not use Keystone.

Hope i can get some insights for the topic above here. Thank you in advance.