OpenStack Identity Server (Keystone)

Source: Internet
Author: User

User

Digital representation of a person, system, or service who uses
OpenStack cloud services. The Identity service validates that incoming
requests are made by the user who claims to be making the call.
Users have a login and may be assigned tokens to access resources.
Users can be directly assigned to a particular tenant and behave as if
they are contained in that tenant.

Can be understood as a user, a system, or a service.


Credentials

Data that confirms the user's identity. For example: user name and
password, user name and API key, or an authentication token provided
by the Identity service.

Can be understood as credentials: a user name and password, a user name and API key, or a token issued by the authentication service.


Authentication

The process of confirming the identity of a user. OpenStack Identity
confirms an incoming request by validating a set of credentials supplied
by the user.
These credentials are initially a user name and password, or a user
name and API key. When user credentials are validated, OpenStack
Identity issues an authentication token which the user provides in
subsequent requests.

Can be understood as the user authentication process. The user sends a set of credentials to OpenStack for authentication.

The credentials are initially a user name and password, or a user name and API key. If the credentials are valid, OpenStack issues an authentication token to the user, who then uses this token to initiate subsequent requests.

Token

An alphanumeric string of text used to access OpenStack APIs and
resources. A token may be revoked at any time and is valid for a finite
duration. While OpenStack Identity supports token-based authentication in
this release, the intention is to support additional protocols in the future.
Its main purpose is to be an integration service, and not aspire
to be a full-fledged identity store and management solution.

Can be understood as a token issued by the Identity server; the user presents the token to access APIs and resources.

This token can be revoked at any time, or it can be set to be valid for a period of time.

Additional protocols are to be supported in the future; the main purpose of Keystone is to integrate services rather than to aspire to become a full-fledged identity store and management solution.

Tenant

A container used to group or isolate resources. Tenants also group
or isolate identity objects. Depending on the service operator, a tenant
may map to a customer, account, organization, or project.

Tenants can be understood as containers for grouping or isolating resources and identity objects. Depending on the service operator, a tenant may map to a user, account, organization, or project.

Service

An OpenStack service, such as Compute (Nova), Object Storage
(Swift), or Image service (Glance). It provides one or more endpoints
through which users can access resources and perform operations.

Can be understood as an OpenStack service; users access it and perform the related operations through one or more endpoints.

Endpoint

A network-accessible address where you access a service, usually a
URL address. If you are using an extension for templates, an endpoint
template can be created, which represents the templates of all
the consumable services that are available across the regions.

Role

A personality with a defined set of user rights and privileges to perform
a specific set of operations.

Keystone Client

A command line interface for the OpenStack Identity API. For example,
users can run the keystone service-create and keystone endpoint-create
commands to register services in their OpenStack installations.
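
As an added example (not part of the original page and not Keystone's own code), the Python below shows how the terms above fit together on the client side after authentication: the token, its tenant, the user's roles, and the service endpoints. It assumes the Identity API v2.0 response layout (access, token, serviceCatalog) and the X-Auth-Token request header, neither of which the page shows; the sample response, host names and function names are constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like an Identity API v2.0 "access" response (assumed layout).
SAMPLE_RESPONSE = json.loads("""
{"access": {
  "token": {"id": "tok-EXAMPLE-0001", "expires": "2030-01-01T00:00:00Z",
            "tenant": {"id": "t1", "name": "demo"}},
  "user": {"name": "alice", "roles": [{"name": "Member"}]},
  "serviceCatalog": [
    {"type": "compute", "name": "nova", "endpoints": [
      {"region": "RegionOne", "publicURL": "https://compute.example.test/v2/t1"}]},
    {"type": "image", "name": "glance", "endpoints": [
      {"region": "RegionOne", "publicURL": "https://image.example.test/v1"}]}
  ]}}
""")


def token_is_usable(access, now):
    """A token is valid only for a finite duration: reject it once expired."""
    expires = datetime.strptime(access["token"]["expires"], "%Y-%m-%dT%H:%M:%SZ")
    return now < expires.replace(tzinfo=timezone.utc)


def find_endpoint(access, service_type, region):
    """Return the public URL of a service in a region, or None if not in the catalog."""
    for service in access["serviceCatalog"]:
        if service["type"] != service_type:
            continue
        for endpoint in service["endpoints"]:
            if endpoint["region"] == region:
                return endpoint["publicURL"]
    return None


def build_request(access, service_type, region, now):
    """Build (url, headers) for a follow-up call; refuse expired tokens or unknown services."""
    if not token_is_usable(access, now):
        raise ValueError("token expired: authenticate again with credentials")
    url = find_endpoint(access, service_type, region)
    if url is None:
        raise LookupError("no %s endpoint in region %s" % (service_type, region))
    return url, {"X-Auth-Token": access["token"]["id"]}


def role_names(access):
    """Names of the roles granted to the user on the token's tenant."""
    return [role["name"] for role in access["user"]["roles"]]
```

The expiry check here is only local: a token can be revoked before it expires, so the service receiving the request still has the final say when it validates the token with Identity.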
