Providing Moonshot access to OpenStack

Vincent Giersch - vg66
MSc Computer Security - University of Kent
Supervisor: David Chadwick
Contents
 • Moonshot overview
 • OpenStack overview
 • Providing Moonshot access to OpenStack
     • Federated Keystone
     • How will it work?
     • Technical architecture
 • Roadmap
 • Questions
Moonshot Overview
Moonshot
 • Federated authentication and authorization
 • For web and non-web services and applications
Example: IE → Apache
Source: Janet
Example: PuTTY → OpenSSH
Source: Janet
Moonshot technologies
Moonshot is built on:
 • Strong authentication: EAP/RADIUS
 • Strong authorisation: SAML
 • Easy service/application integration: SASL/GSS-API
Standardisation approaching completion within the Internet Engineering Task Force (IETF)
OpenStack Overview
Starting the virtualization...
 • Host 1, Host 2, Host 3, Host 4, etc.
 • Hypervisor (VMware ESX, Citrix XenServer, KVM, etc.)
 • Hardware abstraction for each server
Source: OpenStack Foundation
... but how to manage the resources?
 • Provisioning?
 • User management?
Add the missing cloud management layer
 • APIs
 • Self-service for users
 • Creates pools of resources
 • Automates deployment
Main components of OpenStack
 • Applications
 • APIs
 • Identity (Keystone), Compute (Nova), Storage (Swift), Network (Quantum)
 • Standard Hardware
Moonshot + Federated Keystone
 • Allows the use of external Identity Providers (IdPs)
 • Easy user provisioning
 • Provides Single Sign-On (SSO) to the users
 • Developed as a Keystone middleware
How will it work?
 • User: asks Keystone for a list of identity providers
 • Keystone: returns the identity providers available
 • User: chooses an IdP (Moonshot)
 • Keystone: returns the Moonshot details
 • User: chooses the identity that they will use
 • User, Keystone and Identity Provider: negotiate authentication
 • Keystone: returns the list of tenants
 • User: chooses a tenant
 • Keystone: returns a tenant token
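The exchange above, modelled from Keystone's side as a small state machine so that a tenant token is issued only after the negotiation with the identity provider has completed, and only for a tenant that was offered. This is an added example, not code from the slides or from the Federated Keystone project: every class, method and message name, the stub identity provider, the group-to-tenant mapping and the sample user are assumptions constructed for illustration.

```python
import secrets
from enum import Enum

Step = Enum("Step", "START IDP_LISTED IDP_CHOSEN NEGOTIATING "
                    "AUTHENTICATED TOKEN_ISSUED FAILED")


class ProtocolError(Exception):
    """A message arrived out of order or failed a server-side check."""


class StubIdP:
    """Constructed stand-in for the identity provider."""
    ROUNDS = 2  # constructed: round trips before negotiation completes

    def __init__(self, users):
        self.users = users  # identity -> attributes the IdP asserts

    def step(self, identity, round_no):
        if identity not in self.users:
            return "fail", None
        if round_no < self.ROUNDS:
            return "continue", None
        return "complete", self.users[identity]


class KeystoneSession:
    """Server-side state for one login; every name here is hypothetical."""

    def __init__(self, idps, tenant_map):
        self.idps = idps              # IdP name -> StubIdP
        self.tenant_map = tenant_map  # asserted group -> tenants (assumed)
        self.step, self.idp, self.identity = Step.START, None, None
        self.rounds, self.tenants = 0, []

    def _require(self, *allowed):
        if self.step not in allowed:
            raise ProtocolError(f"not allowed in state {self.step.name}")

    def list_idps(self):
        self._require(Step.START)
        self.step = Step.IDP_LISTED
        return sorted(self.idps)

    def choose_idp(self, name):
        self._require(Step.IDP_LISTED)
        if name not in self.idps:
            raise ProtocolError("identity provider is not configured")
        self.idp, self.step = self.idps[name], Step.IDP_CHOSEN
        return {"idp": name}  # placeholder for the "Moonshot details"

    def negotiate(self, identity):
        """One round trip: None while in progress, then the tenant list."""
        self._require(Step.IDP_CHOSEN, Step.NEGOTIATING)
        if self.identity not in (None, identity):
            self.step = Step.FAILED
            raise ProtocolError("identity changed during negotiation")
        self.identity, self.step = identity, Step.NEGOTIATING
        self.rounds += 1
        status, attrs = self.idp.step(identity, self.rounds)
        if status == "fail":
            self.step = Step.FAILED
            raise ProtocolError("authentication failed")
        if status == "continue":
            return None
        groups = attrs.get("groups", [])
        self.tenants = sorted(
            {t for g in groups for t in self.tenant_map.get(g, [])})
        self.step = Step.AUTHENTICATED
        return list(self.tenants)

    def choose_tenant(self, tenant):
        self._require(Step.AUTHENTICATED)
        if tenant not in self.tenants:
            raise ProtocolError("tenant was not offered to this identity")
        self.step = Step.TOKEN_ISSUED
        return {"tenant": tenant, "token": secrets.token_hex(16)}


def new_session():
    """Constructed sample data: one IdP, one user, one group mapping."""
    idp = StubIdP({"alice@example.org": {"groups": ["staff"]}})
    return KeystoneSession({"moonshot": idp},
                           {"staff": ["research", "teaching"]})


def run_login(session, idp_name, identity, tenant):
    """Client side of the exchange, in the order the slides show it."""
    session.list_idps()
    session.choose_idp(idp_name)
    while (tenants := session.negotiate(identity)) is None:
        pass
    return tenants, session.choose_tenant(tenant)


def rejected(call, *args):
    try:
        call(*args)
    except ProtocolError:
        return True
    return False
```
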
Technical architecture
 • OpenStack Client: Federated Keystone, Moonshot module, GSS-API, EAP peer
 • OpenStack Keystone: Federated Keystone, Moonshot module, GSS-API, AAA
 • Identity Provider: AAA, EAP server
 • OpenStack Client ↔ OpenStack Keystone: HTTP (Federated Keystone), GSS EAP mech (GSS-API)
 • OpenStack Keystone ↔ Identity Provider: AAA transport
 • EAP peer (OpenStack Client) ↔ EAP server (Identity Provider): EAP method
Project roadmap
 • Study of the existing Moonshot implementations (e.g. Apache / Firefox).

 • Fork the PyKerberos library to add flexibility in the usage of the GSS-API
   C library.

 • Study of the improvements potentially needed to the Keystone Federated
   protocol.

 • Implement the authentication / authorization Moonshot module.

 • Validation testing using an OpenStack client (e.g. python-swiftclient).
Questions ?




UKC - Msc Project - Providing Moonshot access to OpenStack

  • 1. Providing Moonshot access to OpenStack Vincent Giersch - vg66 MSc Computer Security - University of Kent Moonshot Supervisor: David Chadwick
  • 2. Contents • Moonshot overview • OpenStack overview • Providing Moonshot access to OpenStack • Federated Keystone • How it will work ? • Technical architecture • Roadmap • Questions
  • 3. Moonshot Overview Moonshot
  • 4. Moonshot Federated authentication and authorization For web and non-web services and applications
  • 5. Example: IE → Apache Moonshot Source: Janet
  • 6. Example: PuTTY → OpenSSH Moonshot Source: Janet
  • 7. Moonshot technologies Moonshot is built on: • Strong authentication: EAP/RADIUS • Strong authorisation: SAML • Easy service/application integration: SASL/GSS-API Standardisation approaching completion within the Internet Engineering Task Force (IETF) Moonshot
  • 9. Starting the virtualization... Source: OpenStack Foundation
  • 10. Starting the virtualization... Host 1 Host 2 Host 3 Host 4, etc. Hypervisor (VMware ESX, Citrix XEN Server, KVM, etc.) Hardware abstraction for each server Source: OpenStack Foundation
  • 11. ... but how to manage the resources ? Provisioning ? User management ?
  • 12. Add the missing cloud management layer APIs Self-service for users Creates Automates Pools of Resources deployment
  • 13. Main components of OpenStack Applications APIs Identity Compute Storage Network Keystone Nova Swift Quantum Standard Hardware
  • 14. Moonshot +
  • 15. Federated Keystone • Allows the use of external Identity Providers (IdP) • Easy user provisioning • Provides Single Sign On (SSO) to the users • Developed as a Keystone middleware
  • 16. How it will work ?
  • 17. How it will work ? Asks a list of Identity providers User Keystone
  • 18. How it will work ? Returns the Identity Providers available User Keystone
  • 19. How it will work ? Chooses an IdP (Moonshot) User Keystone
  • 20. How it will work ? Returns Moonshot details User Keystone
  • 21. How it will work ? Chooses the identity that he will use User Keystone
  • 22. How it will work ? Negotiate authentication User Keystone Identity Provider
  • 23. How it will work ? Returns list of tenants User Keystone
  • 24. How it will work ? Chooses a tenant User Keystone
  • 25. How it will work ? Returns a tenant token User Keystone
  • 26. How it will work ? User Keystone
  • 27. Technical architecture OpenStack Client OpenStack Keystone Identity Provider
  • 28. Technical architecture Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 29. Technical architecture Moonshot module Moonshot module Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 30. Technical architecture GSS-API GSS-API AAA AAA GSS AAA Moonshot module EAP mech Moonshot module transport Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 31. Technical architecture EAP method EAP peer EAP server GSS-API GSS-API AAA AAA GSS AAA Moonshot module EAP mech Moonshot module transport Federated Keystone Federated Keystone HTTP OpenStack Client OpenStack Keystone Identity Provider
  • 32. Project roadmap • Study of the existing Moonshot implementations (e.g. Apache / Firefox). • Fork the PyKerberos library to add flexibility in the usage of the GSS-API C library. • Study of the potentially needed improvements of the Keystone Federated protocol. • Implement the authentication / authorization Moonshot module. • Validation testing using an OpenStack client (e.g. python-swiftclient).
  • 33. Questions ? Moonshot Vincent Giersch - vg66