OpenID authentication as a service in OpenStack

Abstract

The evolution of cloud computing is driving the next generation of internet services. OpenStack is one of the largest open-source cloud computing middleware development communities. Currently, OpenStack supports platform specific signatures and tokens for user authentication. In this paper, we aim to introduce a cloud platform independent, flexible, and decentralized authentication mechanism, using OpenID as an open-source authentication mechanism in OpenStack. OpenID allows a decentralized framework for user authentication. It has its own advantages for web services, which include improvements in usability and seamless Single-Sign-On experience for the users. This paper presents the OpenlD-Authentication-as-a-Service APIs in OpenStack for front-end GUI servers, and performs the authentication in the back-end at a single Policy Decision Point (PDP). Our implementation allows users to use their OpenID Identifiers from standard OpenTD providers and log into the Dashboard/Django-Nova graphical interface of OpenStack.