Chapter 6. Future Work
Keystone has made substantial strides in capabilities over the past few years and has matured significantly. Nonetheless, there are still several areas in which there are opportunities for improvement. In this chapter, we describe several areas that we anticipate will be the focus for future work on Keystone. These include multi-factor authentication, improved Horizon integration for multi-region K2K Federation, replacement of service accounts with X509 certificates, alternative LDAP support models, centralized policies, and integration with other technologies. In essence, we will be continuing on the path of Keystone becoming an interface layer to additional established (and emerging) enterprise-focused identity and authentication capabilities.
6.1 Multi-Factor Authentication
Keystone currently only supports the use of a single authentication method. In certain circumstances, it may be desirable to require multiple methods of authentication to be utilized to ensure authentication requirements are satisfied. The use of multiple authentication mechanisms is typically referred to as multi-factor authentication. With multi-factor authentication, a user not only needs to provide a valid password but also must perform some other form of authentication, such as entering a personal identification number (PIN) that is sent by text message. As OpenStack and Keystone adoption continues to grow, we anticipate that there will be usage environments in which multi-factor ...
Get Identity, Authentication, and Access Management in OpenStack now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.