path: root/doc/source/identity-support-matrix.ini
blob: 7e6ef1e94393be4788faf96565c8135aced09732 (plain)
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

# This file contains a specification of what feature capabilities each driver
# is able to support. Feature capabilities include what API operations are
# supported, what backend behaviors and features can be used, and what aspects
# of the driver implementation can be configured. The capabilities can be
# considered to be structured into nested groups, but in this file they have
# been flattened for ease of representation. The section names represent the
# group structure. At the top level there are the following groups defined:
#
# - operation: Public API operations.
# - feature: Features of the driver.
#
# When considering which capabilities should be marked as mandatory, consider
# the following guiding principles.
#
# The 'status' field takes possible values:
#
# - mandatory: Unconditionally required to be implemented.
# - optional: Optional to support, but nice to have.
# - choice(group): At least one of the options within the named group
#                  must be implemented.
# - conditional(cond): Required, if the referenced condition is met.
#
# The value against each 'impl-XXXX' entry refers to the level of the
# implementation of the feature in that driver:
#
# - complete: Fully implemented, expected to work at all times.
# - partial: Implemented, but with caveats about when it will work.
#            For example, some configurations or hardware or guest OS may not
#            support it.
# - missing: Not implemented at all.
#
# If a driver is marked as 'partial', the corresponding 'notes-XXX' entry
# should be used to explain the caveats around the implementation.
#
# The 'cli' field takes a list of client commands, separated by semicolons.
# These CLI commands are related to that feature.
# Example:
# cli=openstack domain list;openstack domain show <domain>
#
[targets]
# List of driver implementations for which we are going to track the status of
# features. This list only covers drivers that are in tree. Out of tree
# drivers should maintain their own equivalent document, and merge it with this
# when their code merges into core.
#
# Each key below is reused verbatim as the per-driver key in every [feature.*]
# section of this file, so a driver added here needs an entry in each of them.
# The value is presumably the label shown for that driver when the matrix is
# rendered -- confirm against the tool that consumes this file.

driver-impl-sql=SQL
driver-impl-ldap=LDAP
driver-impl-oauth1=OAuth v1.0a
driver-impl-external=REMOTE_USER
driver-impl-oidc=OpenID Connect
driver-impl-samlv2=SAML v2

[feature.local_authentication]
# Drivers for which keystone itself receives and checks the credentials.
# The three drivers marked 'complete' here are exactly the ones marked
# 'missing' under [feature.external_authentication], and vice versa, so the
# two sections together show where the credential check takes place.
title=Local authentication
status=optional
notes=Authenticate with keystone by providing credentials directly to keystone.
driver-impl-sql=complete
driver-impl-ldap=complete
driver-impl-oauth1=complete
driver-impl-external=missing
driver-impl-oidc=missing
driver-impl-samlv2=missing

[feature.external_authentication]
# Drivers for which the credentials go to an external system and keystone
# accepts that system's result. For these drivers the authentication decision
# is made outside keystone, so the trusted external system is part of the
# deployment's security boundary.
#
# The 'notes' value below continues onto an indented second line. Keep that
# indentation when editing; presumably the parser treats an indented line as a
# continuation of the previous value -- confirm against the consuming tool.
title=External authentication
status=optional
notes=Authenticate with keystone by providing credentials to an external system
  that keystone trusts (as with federation).
driver-impl-sql=missing
driver-impl-ldap=missing
driver-impl-oauth1=missing
driver-impl-external=complete
driver-impl-oidc=complete
driver-impl-samlv2=complete

[feature.identity_crud]
# User lifecycle operations exposed through keystone's HTTP API.
# NOTE(review): driver-impl-ldap is 'partial', but this section has no notes
# entry for it. The header of this file asks for one to explain the caveats;
# until it is added, readers cannot tell which user operations are unavailable
# with LDAP.
title=Identity management
status=optional
notes=Create, update, enable/disable, and delete users via Keystone's HTTP API.
driver-impl-sql=complete
driver-impl-ldap=partial
driver-impl-oauth1=complete
driver-impl-external=missing
driver-impl-oidc=missing
driver-impl-samlv2=missing

[feature.pci_controls]
# Whether keystone's PCI-DSS security controls can be enforced for identities
# handled by each driver. Per this matrix only the SQL driver is 'complete'.
# NOTE(review): driver-impl-ldap and driver-impl-external are 'partial', but
# this section has no notes entries saying which controls apply. Deployments
# with a PCI-DSS requirement should not assume the controls cover identities
# from drivers marked 'partial' or 'missing' here; for those drivers the
# equivalent controls would have to be verified separately.
title=PCI-DSS controls
status=optional
notes=Configure keystone to enforce PCI-DSS compliant security controls.
driver-impl-sql=complete
driver-impl-ldap=partial
driver-impl-oauth1=missing
driver-impl-external=partial
driver-impl-oidc=missing
driver-impl-samlv2=missing

[feature.auditing]
# Which drivers have their authentication flows audited through PyCADF.
# Per this matrix, OAuth v1.0a and REMOTE_USER authentication are 'missing',
# so the PyCADF audit trail does not cover logins through those drivers.
# Deployments that use them need another log source for authentication events
# (for example the logs of the system performing the authentication).
title=Auditing
status=optional
notes=Audit authentication flows using PyCADF.
driver-impl-sql=complete
driver-impl-ldap=complete
driver-impl-oauth1=missing
driver-impl-external=missing
driver-impl-oidc=complete
driver-impl-samlv2=complete