Bug 1041861

Summary: [RFE][keystone]: A Key Distribution Server that release tickets to be used for RPC Messaging Security
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: openstack-keystoneAssignee: RHOS Maint <rhos-maint>
Status: CLOSED WONTFIX QA Contact: Ami Jeain <ajeain>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: aberezin, ayoung, markmc, nkinder, yeylon
Target Milestone: ---Keywords: FutureFeature, Triaged
Target Release: 5.0 (RHEL 7)   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/keystone/+spec/key-distribution-server
Whiteboard: upstream_milestone_none upstream_status_needs-code-review upstream_definition_obsolete
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-27 01:28:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 19:45:36 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/key-distribution-server.

Description:

MessageSecurity requires a central repository to register service identies, manage grou pof sevices and store shared keys,a s well as provide a ticketing system to allow secure communication between parties (signing and optionally encryption services).
The Key Distribution Server manages the ticketing system and stores shared keys between the Server itself and the registered servies. It may also store temporary group keys.

This server is necessary for the implementation of https://wiki.openstack.org/wiki/MessageSecurity

Specification URL (additional information):

https://wiki.openstack.org/wiki/MessageSecurity#A_Key_Distribution_Server_in_Keystone
Comment 2 Nathan Kinder 2014-02-27 01:28:11 UTC 
This was pulled out of Icehouse for a few reasons.  For one, it wasn't going to be completed in time.  There is also quite a bit of debate about where this will ultimately live.  It looks like it will not ever be a part of Keystone (it might live in Barbican, or stand on it's own).

Closing this as WONTFIX.