Bug 1041928

Summary: [RFE][keystone]: Client preferences for encryption algorithm and key sizes should be specifiable
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/keystone/+spec/encryption+preferences
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_obsolete
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:08:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 20:07:23 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/encryption+preferences.

Description:

Volume encryption is a candidate for Havana. While is possible to specify encryption parameters such as algorithm, key-size, keys etc via nova config file, that would be across all users. It should be possible for clients to specify and save their preferences. When not specified, these should default to strong, industry popular options.  For example aes-xts-plain64 for volume encryption. aes-256-cbc for object encryption.  The available options should be retrievable from a common openstack component. These settings should be attached to the client accounts with the most specific value used, for example if user has no specification, check any project specification, if none, then check for any domain specification, else use default.

Specification URL (additional information):

None