Authentication & Authorization

📄️ Authentication Service Principles

The platform authentication service component (keystone) initially adopted OpenStack's keystone component. In 2019, it was refactored using golang to implement the keystone component, maintaining compatibility with OpenStack Keystone v3.0 API, and extended the implementation of authentication sources (identity_provider) and permissions (policy), making it easier to implement complex authentication sources (such as SAML 2.0) and permission systems.

🗃️ Authentication System

2 items

📄️ Resource and Permission System

Keystone's resource and permission system is defined by three types of resources: projects, roles, and permissions. Projects are the ownership of resources. To use resources, users must join corresponding projects with specific roles. Roles are associated with policies, defining user permissions.

📄️ Service Catalog

Introduces how Keystone's service catalog works. The Keystone service catalog defines regions, services, and service access endpoints within specified regions.

📄️ Service Configuration Management

Keystone provides infrastructure for service configuration management to facilitate managing configurations for each service.

📄️ Domain (Tenant)

Introduction to the concept of domain or tenant

📄️ Quota System

Introduction to Keystone's domain and project resource quota management