Services > Management
Keystone is the OpenStack component that takes care of identity – a set of services designed for user authentication and authorization through OpenStack Cloud. The service enables the identity of the customer to be verified securely and a unique access code (token) to be assigned for access to his resources. Keystone is thus one of the key components of the OpenStack ecosystem and interacts with all components that allow user access.
Fine granular rights management allows the creation of user groups and the restriction of their rights
The tokens ensure that each user can be uniquely identified
We offer you an availability of 99.9% p.a.
Keystone is a group of internal services that are highly available on multiple endpoints. Many of these services are combined with the frontend. For example, an authenticated call validates user / project credentials with the Identity Service and interacts a token with the token service during creation and return.
Components from Keystone:
- User: represents a client entity (user, company, group, service) that uses a specific OpenStack application. It is assigned to specific tenants with specific roles.
- Tenant (project in V3): a security group with specific rights for the resource or application.
- Role: a set of access rights granted to users to perform any operations. It is included in the token.
- Token: a special text block with a unique code and roles. It could also be said that it is an embodiment of the user and his rights.
- Service: any OpenStack application for which access is granted. For example, compute (Nova) or networking (Neutron)
- Endpoint: a front-end URL interface of the application.