2.4. Identity

Red Hat OpenStack Platform 10 adds Fernet token support. The lightweight Fernet tokens mean that only minimal identity information is required. The non-persistent state means that no database backend is needed. Symmetric encryption has been implemented using AES-CBC signed with SHA256HMAC. As a result, you can expect significant performance improvement over UUID tokens.

This release adds director support for multi-domain LDAP integration, allowing you to use multiple back ends for user authentication.

Red Hat OpenStack Platform 10 has expanded the role capabilities with Domain-specific roles and Implied Roles. Domain-specific roles - Allow role definition to be limited to a specific domain. These roles can be then assigned to a domain or project within the domain. Implied Roles - Inference rules can state that assignment of one role implies the assignment of another. These changes are expected to make role management much easier for administrators.