OpenStack Identity (keystone)

OpenStack Identity (keystone) 2013.1 "grizzly"

Milestone information

Project:: OpenStack Identity (keystone)

Series:: grizzly

Version:: 2013.1

Code name:: grizzly

Released:: 2013-04-04

Registrant:: Thierry Carrez

Release registered:: 2013-04-04

Active:: No. Drivers cannot target bugs and blueprints to this milestone.

Download RDF metadata

Activities

Assigned to you:: No blueprints or bugs assigned to you.

Assignees:: 1 Adam Gandelman, 20 Adam Young, 1 Allan Feid, 1 Alvaro Lopez, 3 Brad Topol, 1 Brant Knudson, 1 Brian Waldon, 1 Chmouel Boudjnah, 5 Dan Prince, 1 Dan Radez, 3 David Höppner, 1 David Ripton, 1 Dean Troyer, 2 Dirk Mueller, 43 Dolph Mathews, 1 Doug Hellmann, 1 Eduardo Patrocinio, 11 Guang Yee, 26 Henry Nash, 6 Ionuț Arțăriși, 11 Jose Castro Leon, 3 Joseph Heck, 1 Julien Danjou, 2 Justin Shepherd, 1 Ken Pepple, 1 Ken Thomas, 1 Malini Bhandaru, 2 Mark McLoughlin, 3 Nachiappan, 1 Nathanael Burton, 1 Ralf Haferkamp, 2 Russell Bryant, 1 Russell Cloran, 1 Sahdev Zala, 1 Sathish Nagappan, 1 Steve Martinelli, 1 Thierry Carrez, 1 Tony NIU, 1 Tushar Patil, 2 Unmesh Gurjar, 1 Vincent Hou, 3 Vish Ishaya, 1 William Kelly, 1 Wu Wenxiang, 1 Yaguang Tang, 1 Yuriy Taraday, 6 gordon chung, 1 olaph, 1 shu, xinxin, 1 stelford, 1 termie, 1 wanglong

Blueprints:: 15 Implemented

Bugs:: 178 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File	Description	Downloads
keystone-2013.1.tar.gz (md5, sig)	Keystone 2013.1 release	3,964 last downloaded 4 days ago
Total downloads:		3,964

Release notes

This is Keystone 2013.1 release.
See https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly

Changelog

This release does not have a changelog.

15 blueprints and 178 bugs targeted

Bug report			Importance	Assignee	Status
1064914	#1064914	[OSSA-2012-018] Removing user from a tenant isn't invalidating user access to tenant	2 Critical	Vish Ishaya	10 Fix Released
1075376	#1075376	keystoneclient unit tests fails on update tenants and users	2 Critical	Dolph Mathews	10 Fix Released
1078497	#1078497	keystone throws error when removing user from tenant.	2 Critical	Vish Ishaya	10 Fix Released
1093493	#1093493	v3 grant/revoke roles to not invalidate existing tokens	2 Critical	Henry Nash	10 Fix Released
1119789	#1119789	Role table not upgraded to grizzly cleanly	2 Critical	William Kelly	10 Fix Released
1122403	#1122403	no such option: log_format	2 Critical	Dan Prince	10 Fix Released
1131087	#1131087	Roles lost in Folsom to Grizzly upgrade	2 Critical	Adam Young	10 Fix Released
1131265	#1131265	LDAP scoped queries breaks object creation	2 Critical	Adam Young	10 Fix Released
1152801	#1152801	V3 tokens do not show up in list_tokens_for_trust	2 Critical	Adam Young	10 Fix Released
861854	#861854	Token in URL is a security risk	3 High	Dolph Mathews	10 Fix Released
1023502	#1023502	Horizon does not use the default tenant	3 High	Dolph Mathews	10 Fix Released
1031372	#1031372	PKI certs not readable by keystone user	3 High	Dirk Mueller	10 Fix Released
1039567	#1039567	auth_token middleware should be stand alone	3 High	Henry Nash	10 Fix Released
1043758	#1043758	RBAC policy definition is not utilized by default (policy.json)	3 High	Dolph Mathews	10 Fix Released
1044032	#1044032	Trying to auth with a bad request reply with a KeyError	3 High	Dolph Mathews	10 Fix Released
1057436	#1057436	Delete role does not delete roles assignment in tenants	3 High	Jose Castro Leon	10 Fix Released
1060389	#1060389	Non PKI Tokens longer than 32 characters can never be valid	3 High	Dan Radez	10 Fix Released
1061738	#1061738	create_service() returns 500 Internal Server Error when bad keyword arg (XML only)	3 High	gordon chung	10 Fix Released
1063852	#1063852	Default to PKI tokens	3 High	Joseph Heck	10 Fix Released
1068851	#1068851	Openssl tests rely on expired certificate	3 High	Guang Yee	10 Fix Released
1070351	#1070351	Cannot perform external Auth against SQL Backend	3 High		10 Fix Released
1074172	#1074172	PKI tokens are broken after 24 hours	3 High	Vish Ishaya	10 Fix Released
1079216	#1079216	[OSSA-2012-019] token expires time incorrect for auth by one token	3 High	Russell Bryant	10 Fix Released
1087405	#1087405	serviceCatalog is dict in the case of no endpoints	3 High	Brian Waldon	10 Fix Released
1093248	#1093248	Domain role grants need to be honored in token authentication	3 High	Henry Nash	10 Fix Released
1098307	#1098307	[OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs	3 High	Dan Prince	10 Fix Released
1099025	#1099025	block really large requests	3 High	Dan Prince	10 Fix Released
1100145	#1100145	Disabling a domain has no effect	3 High	Dolph Mathews	10 Fix Released
1100279	#1100279	[OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665)	3 High	Dolph Mathews	10 Fix Released
1100282	#1100282	[OSSA 2013-004] DoS through XML entity expansion (CVE-2013-1664)	3 High	Dolph Mathews	10 Fix Released
1101240	#1101240	Filter by attribute not fully supported in v3 keystone identity implementation	3 High	Henry Nash	10 Fix Released
1110758	#1110758	The Domain attribute for Projects in Keystone v3 Identity API should not be an optional	3 High	Henry Nash	10 Fix Released
1112535	#1112535	Keystone db_sync fails w/ PostgreSQL (migration 008)	3 High	Dan Prince	10 Fix Released
1121494	#1121494	[OSSA 2013-005] EC2 authentication does not ensure user or tenant is enabled	3 High	Dolph Mathews	10 Fix Released
1126021	#1126021	Updating Project and Group fails to update certain attributes	3 High	gordon chung	10 Fix Released
1126043	#1126043	Keystone RBAC should support checking against query filter items	3 High	Henry Nash	10 Fix Released
1126048	#1126048	Keystone v3 api has some duplicate url apis	3 High	Henry Nash	10 Fix Released
1128256	#1128256	Use oslo-config 1.1.0 release	3 High	Mark McLoughlin	10 Fix Released
1128925	#1128925	v3 Identity api spec has come incorrect query filters	3 High	Henry Nash	10 Fix Released
1130236	#1130236	Domains are not validated on authentication	3 High	Henry Nash	10 Fix Released
1130424	#1130424	SQL migration 017 fails with non-empty database	3 High	Dean Troyer	10 Fix Released
1131769	#1131769	Getting domain roles for token missing in kvs/ldap backends	3 High	Henry Nash	10 Fix Released
1131819	#1131819	v3_protection test leaves CONF.policyfile setting in incorrect state	3 High	Henry Nash	10 Fix Released
1131840	#1131840	v3 auth API untranslatable to XML	3 High	Guang Yee	10 Fix Released
1145267	#1145267	/v3/auth/tokens vs /v3/auth/token	3 High	Dolph Mathews	10 Fix Released
1148186	#1148186	Update keystone version info to include v3	3 High	Henry Nash	10 Fix Released
1152283	#1152283	delete token for trust invalidation has typo	3 High	Adam Young	10 Fix Released
1154406	#1154406	WARNING [keystone.auth.controllers] duplicate option: password	3 High	Dan Prince	10 Fix Released
1156780	#1156780	Folsom to Grizzly migration fails on non-empty sqlite db.	3 High	Adam Gandelman	10 Fix Released
1156913	#1156913	V2 to V3 token intermix for unscoped token is broken	3 High	Guang Yee	10 Fix Released
1157430	#1157430	V3 V2 token intermix should not allowed for non-default domain	3 High	Guang Yee	10 Fix Released
1160504	#1160504	Grizzly v2 catalog has slight formatting changes compared to Folsom	3 High	Dolph Mathews	10 Fix Released
1162845	#1162845	"Too many connections" with MySQL + sql token driver + v3 auth	3 High	Dolph Mathews	10 Fix Released
949467	#949467	need a way to get a token for acting on behalf of a user to another service	4 Medium	Adam Young	10 Fix Released
981906	#981906	Improve error message when there's a bad user / password somewhere	4 Medium	Dolph Mathews	10 Fix Released
999615	#999615	Swift not allow ACLs between different users in different tenants using KeyStone	4 Medium	Chmouel Boudjnah	10 Fix Released
1004380	#1004380	Need downloadable link for private keys	4 Medium	Dolph Mathews	10 Fix Released
1023937	#1023937	v3api - core impl - identity	4 Medium	Dolph Mathews	10 Fix Released
1023938	#1023938	v3api - core impl - catalog	4 Medium	Dolph Mathews	10 Fix Released
1023939	#1023939	v3api - core impl - policy	4 Medium	Dolph Mathews	10 Fix Released
1023943	#1023943	v3api - wrap API calls with RBAC	4 Medium	Dolph Mathews	10 Fix Released
1028683	#1028683	Auth_token middleware logs env at warning level for missing auth token	4 Medium	Nachiappan	10 Fix Released
1039112	#1039112	Cannot run Keystone in debugger	4 Medium	Adam Young	10 Fix Released
1040361	#1040361	Use Keyring to store Tokens	4 Medium	Guang Yee	10 Fix Released
1042144	#1042144	XML body not working for OSADM service api: namespace needs to be taken into account when deserializing XML	4 Medium	Vincent Hou	10 Fix Released
1050406	#1050406	get_users on tenant retrieves duplicated entries on LDAP backend	4 Medium	Jose Castro Leon	10 Fix Released
1051081	#1051081	HTTPD config file errors	4 Medium	Adam Young	10 Fix Released
1055763	#1055763	Get user/tenant by name returning full list	4 Medium	Justin Shepherd	10 Fix Released
1058429	#1058429	run_test.sh produces no output	4 Medium	Joseph Heck	10 Fix Released
1068181	#1068181	Valid column creation in token table fails with postgres	4 Medium	Dirk Mueller	10 Fix Released
1069667	#1069667	keystone user-update with ldap not working	4 Medium		10 Fix Released
1077065	#1077065	Transient test failures: test_service.RemoteUserTest	4 Medium	Alvaro Lopez	10 Fix Released
1081681	#1081681	Unclear how domain_id is set for a user in v3 API	4 Medium		10 Fix Released
1081943	#1081943	belongsTo not implemented for UUID; raises 500 on mismatch w/ PKI	4 Medium	Adam Young	10 Fix Released
1085247	#1085247	Keystone development documentation mentions Essex in many places	4 Medium	Eduardo Patrocinio	10 Fix Released
1089987	#1089987	Non-API specific 404 exposes traceback	4 Medium	Dolph Mathews	10 Fix Released
1090247	#1090247	create endpoint region name which is allow longer than 256	4 Medium	Tony NIU	10 Fix Released
1092187	#1092187	LDAP implementation incomplete for User Groups	4 Medium	Sahdev Zala	10 Fix Released
1096063	#1096063	Missing locale files in published tarballs	4 Medium	Thierry Carrez	10 Fix Released
1097995	#1097995	Delete domain -- doesn't do anything with groups/users/tenants	4 Medium	Henry Nash	10 Fix Released
1098174	#1098174	MySQL db_sync issue	4 Medium	Dolph Mathews	10 Fix Released
1101043	#1101043	xml_body returns backtrace on XMLSyntaxError	4 Medium	David Höppner	10 Fix Released
1101244	#1101244	keystone v3 grant unit-tests are relatively patchy	4 Medium	gordon chung	10 Fix Released
1131294	#1131294	X-Subject-Token not returned on token validation	4 Medium	Dolph Mathews	10 Fix Released
1134802	#1134802	expires_at and issues_at have inconsistent time stamp format	4 Medium	Guang Yee	10 Fix Released
1137696	#1137696	Endpoint default config values fail to load with TypeError	4 Medium	Dolph Mathews	10 Fix Released
1143998	#1143998	nova-api crash - keystone.middleware.auth_token broken	4 Medium	Dolph Mathews	10 Fix Released
1150930	#1150930	keystone commands failing	4 Medium	Dolph Mathews	10 Fix Released
1151747	#1151747	List endpoints through XML interface using keystone v3 is not successful	4 Medium	Guang Yee	10 Fix Released
1152635	#1152635	legacy_endpoint_id returned on v3	4 Medium	Adam Young	10 Fix Released
1153786	#1153786	ldap dereferencing is broken in the ldap backend	4 Medium	Allan Feid	10 Fix Released
1155921	#1155921	Deleting User or Project should clean up Credentials/Tokens	4 Medium	Henry Nash	10 Fix Released
1155924	#1155924	CredentialNotFound exception is referenced but not defined	4 Medium	Henry Nash	10 Fix Released
1156594	#1156594	deserializing xml results in bad links	4 Medium	Dolph Mathews	10 Fix Released
1158783	#1158783	keystone-all and keystone-manage --version are blank	4 Medium	Dolph Mathews	10 Fix Released
1158980	#1158980	Rename RH-TRUST to OS-TRUST	4 Medium	Russell Bryant	10 Fix Released
1159987	#1159987	auth.token_factory recreates all token data from the db on every use	4 Medium	termie	10 Fix Released
1162857	#1162857	"Too many open files" with PKI + sqlite + v3 auth	4 Medium	Dolph Mathews	10 Fix Released
1023544	#1023544	The "enabled" field is not type-safe nor is it normalized	5 Low	Adam Young	10 Fix Released
1045962	#1045962	Transient test failure: test_token_expiry_maintained	5 Low	Dolph Mathews	10 Fix Released
1046862	#1046862	Test failures in py26 environment	5 Low	Steve Martinelli	10 Fix Released
1070890	#1070890	BaseException.message deprecated in py26	5 Low	Dolph Mathews	10 Fix Released
1081167	#1081167	sql 006 sript needs downgrade	5 Low	Justin Shepherd	10 Fix Released
1089988	#1089988	Slow test execution causing transient failures	5 Low	Dolph Mathews	10 Fix Released
1103569	#1103569	unable to load certificate should abort request	5 Low	David Höppner	10 Fix Released
1131292	#1131292	v3 auth - empty catalog returned for unscoped tokens	5 Low	Dolph Mathews	10 Fix Released
1133526	#1133526	v3 tokens contain an 'expires' attr instead of 'expires_at'	5 Low	Malini Bhandaru	10 Fix Released
1135306	#1135306	Start keyston with debug host and port fails	5 Low	Nachiappan	10 Fix Released
1152632	#1152632	null endpoints are not ignored by v3	5 Low	Dolph Mathews	10 Fix Released
1154918	#1154918	legacy_endpoint_id actually stored in 'extra'	5 Low	Dolph Mathews	10 Fix Released
1155922	#1155922	Lack of negative testing for Credentials	5 Low	Henry Nash	10 Fix Released
909543	#909543	Use tenants instead of tenant in next version of API	6 Wishlist	Joseph Heck	10 Fix Released
927879	#927879	add unit test to check for plurals in routes	6 Wishlist	David Ripton	10 Fix Released
1023930	#1023930	v3api testing - identity	6 Wishlist	Dolph Mathews	10 Fix Released
1023933	#1023933	v3api testing - catalog	6 Wishlist	Dolph Mathews	10 Fix Released
1023935	#1023935	v3api testing - policy	6 Wishlist	Dolph Mathews	10 Fix Released
1063858	#1063858	LDAP identity driver does not support 'enabled'	6 Wishlist	Yuriy Taraday	10 Fix Released
1067516	#1067516	Provide config file fields for enable users in LDAP backend	6 Wishlist	Jose Castro Leon	10 Fix Released
1073291	#1073291	Update sample_data.sh to match docs	6 Wishlist	David Höppner	10 Fix Released
1075090	#1075090	I18N issue: some log/messages are not wrapped with _()	6 Wishlist	Nachiappan	10 Fix Released
1132080	#1132080	Tests for v3 protection/filtering need to be improved	6 Wishlist	Henry Nash	10 Fix Released
1132372	#1132372	Filtering the results from an api call by boolean doesn't work	6 Wishlist	Henry Nash	10 Fix Released
1136967	#1136967	The "methods" modules conflicts with common usage in python	6 Wishlist	Dolph Mathews	10 Fix Released
1019475	#1019475	Need to cascade deletes from services to endpoints	1 Undecided	Sathish Nagappan	10 Fix Released
1052111	#1052111	extract hardcoded configuration in LDAP backend	1 Undecided	Jose Castro Leon	10 Fix Released
1052925	#1052925	Filter users, tenants and roles in LDAP backend	1 Undecided	Jose Castro Leon	10 Fix Released
1052929	#1052929	Configurable actions on LDAP backend in users, tenants and roles	1 Undecided	Jose Castro Leon	10 Fix Released
1053474	#1053474	missing X-Auth-Token Header yields Internal Server Error (500) instead of 401	1 Undecided	Ralf Haferkamp	10 Fix Released
1054412	#1054412	keystone database schemas should use utf8 character set	1 Undecided	Yaguang Tang	10 Fix Released
1057407	#1057407	Unable to delete tenant if contains roles in LDAP backend	1 Undecided	Jose Castro Leon	10 Fix Released
1058494	#1058494	Unparseable endpoint URL's should raise a user friendly error	1 Undecided	stelford	10 Fix Released
1060709	#1060709	500 Error returned by Keystone server on passing invalid body for POST /tokens	1 Undecided	Unmesh Gurjar	10 Fix Released
1060723	#1060723	Incorrect HTTP response for POST /v2.0/tokens scenarios	1 Undecided	Unmesh Gurjar	10 Fix Released
1061736	#1061736	SQL backend fails if not all URL are defined in an endpoint	1 Undecided	Julien Danjou	10 Fix Released
1064585	#1064585	Docs missing for keystone-manage pki_setup	1 Undecided	Adam Young	10 Fix Released
1065234	#1065234	404 and accept 'application/xml' causes 500 response	1 Undecided	wanglong	10 Fix Released
1066851	#1066851	tenant dictionary passed to (SQL)Identity.create_tenant is modified	1 Undecided	Ionuț Arțăriși	10 Fix Released
1068674	#1068674	Redo part of bp/sql-identiy-pam undone by bug 968519	1 Undecided	Ken Thomas	10 Fix Released
1069945	#1069945	certificate generation for unit tests cannot be replicated	1 Undecided	Guang Yee	10 Fix Released
1071855	#1071855	The cms module does not raise an exception if the call fails, but the exit code is zero.	1 Undecided		10 Fix Released
1073272	#1073272	PKI-signed token hash saved as token ID for SQL backend only	1 Undecided	Russell Cloran	10 Fix Released
1073343	#1073343	Key PKI tokens on hash in memcached for auth_token middleware	1 Undecided	Adam Young	10 Fix Released
1073569	#1073569	Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1	1 Undecided	Ionuț Arțăriși	10 Fix Released
1074257	#1074257	quantum-server creates openssl zombies until process limit is reached	1 Undecided	Adam Young	10 Fix Released
1076120	#1076120	update tenant api changed	1 Undecided	Dolph Mathews	10 Fix Released
1079661	#1079661	API v3 users.list limits result	1 Undecided	Dolph Mathews	10 Fix Released
1081861	#1081861	password type differences when create user	1 Undecided	Wu Wenxiang	10 Fix Released
1082805	#1082805	transifex-ify all current OpenStack projects	1 Undecided	olaph	10 Fix Released
1083463	#1083463	Size limit exceeded when querying AD with more than 1000 entries	1 Undecided	Jose Castro Leon	10 Fix Released
1086812	#1086812	test_create_certs ssl certificate directory is wrongly set	1 Undecided	Ionuț Arțăriși	10 Fix Released
1092200	#1092200	Listing grants in v3 can issue an un-caught exception	1 Undecided	Henry Nash	10 Fix Released
1092227	#1092227	ceilometer dependency WebOb>=1.2dev is causing conflict with other Openstack modules	1 Undecided	Doug Hellmann	10 Fix Released
1096466	#1096466	python keyring required for testing	1 Undecided	Ken Pepple	10 Fix Released
1097747	#1097747	V2: Endpoint creation with missing URL returns 500	1 Undecided	Tushar Patil	10 Fix Released
1101129	#1101129	keystone-all --config-dir is being ignored	1 Undecided	gordon chung	10 Fix Released
1102358	#1102358	Filter LDAP attribute queries in existing LDAP infrastructures	1 Undecided	Jose Castro Leon	10 Fix Released
1112058	#1112058	Use the "not in" operator for collection membership evaluation	1 Undecided	shu, xinxin	10 Fix Released
1113146	#1113146	test_auth_token_middleware fails when using latest keystoneclient	1 Undecided		10 Fix Released
1115519	#1115519	user delete fails on LDAP when user has assigned roles	1 Undecided		10 Fix Released
1117362	#1117362	Update Object on LDAP module breaks if there is no update	1 Undecided	Jose Castro Leon	10 Fix Released
1118161	#1118161	v3 Keystone Identity api should support domain_id as a query filter when listing Users	1 Undecided	Henry Nash	10 Fix Released
1119495	#1119495	Allow unauthenticated LDAP connections in the LDAP backend	1 Undecided	Ionuț Arțăriși	10 Fix Released
1119770	#1119770	identity kvs impl missing/differing functionality compared to sql	1 Undecided	gordon chung	10 Fix Released
1120896	#1120896	S3 signature unit tests do not run standalone	1 Undecided	Nathanael Burton	10 Fix Released
1122181	#1122181	Allow for different LDAP scopes when authenticating	1 Undecided	Ionuț Arțăriși	10 Fix Released
1126037	#1126037	Keystone should use latest policy engine	1 Undecided	Henry Nash	10 Fix Released
1129243	#1129243	fakehttpconnection unit tests failure - unexpected keyword argument 'timeout'	1 Undecided	Ionuț Arțăriși	10 Fix Released
1131119	#1131119	Add user has wrong response code	1 Undecided	gordon chung	10 Fix Released
1131439	#1131439	keystone.conf.sample missing domain_id_attribute examples	1 Undecided	Brad Topol	10 Fix Released
1131443	#1131443	domain_id_attributes in config.py have wrong default value	1 Undecided	Brad Topol	10 Fix Released
1133041	#1133041	Keystone silently crashes on SSL misconfiguration	1 Undecided	Brant Knudson	10 Fix Released
1133240	#1133240	Unpin pam dependency version	1 Undecided	Mark McLoughlin	10 Fix Released
1135230	#1135230	V2 API reported at Beta	1 Undecided	Adam Young	10 Fix Released
1152326	#1152326	__init__.py in tests directory breaks running individual tests	1 Undecided	Adam Young	10 Fix Released
1154216	#1154216	LDAP project tests are insufficient	1 Undecided	Brad Topol	10 Fix Released
1154277	#1154277	_ldap_livetest suite fails in its current state	1 Undecided	Adam Young	10 Fix Released
1155234	#1155234	emulated ldap enabled improperly handles updates	1 Undecided	Adam Young	10 Fix Released
1157727	#1157727	ldap backend fails to work with enabled attributes on domains and groups	1 Undecided	Dolph Mathews	10 Fix Released

Related milestones and releases

This milestone contains Public information

Everyone can see this information.

Blueprint		Priority	Assignee	Delivery
Implement V3 keystone API	Implement V3 keystone API	5 Essential	Dolph Mathews	11 Implemented
Implement a policy.json and RBAC controls for invoking the Keystone API	Implement a policy.json and RBAC controls for invoking the Keystone API	5 Essential	Dolph Mathews	11 Implemented
Default domain to support Identity API v2	Default domain to support Identity API v2	5 Essential	Dolph Mathews	11 Implemented
ActiveDirectory based LDAP back-end	ActiveDirectory based LDAP back-end	4 High	Jose Castro Leon	11 Implemented
Implement auth on Identity API v3	Implement auth on Identity API v3	4 High	Guang Yee	11 Implemented
Normalize tables in SQL database	Normalize tables in SQL database	4 High	Adam Young	11 Implemented
Replace Tenant-User Membership with default role	Replace Tenant-User Membership with default role	4 High	Adam Young	11 Implemented
Support Groups of Users within Keystone	Support Groups of Users within Keystone	4 High	Henry Nash	11 Implemented
move the auth_token middleware to the keystoneclient repository	move the auth_token middleware to the keystoneclient repository	4 High	Henry Nash	11 Implemented
Token trusts	Token trusts	4 High	Adam Young	11 Implemented
Allow scoping to a domain, as well as a project	Allow scoping to a domain, as well as a project	3 Medium	Henry Nash	11 Implemented
Private name spaces for domains	Private name spaces for domains	3 Medium	Henry Nash	11 Implemented
Role assignment to a domain should be more flexible	Role assignment to a domain should be more flexible	3 Medium	Henry Nash	11 Implemented
Pluggable Identity Authentication Handlers	Pluggable Identity Authentication Handlers	3 Medium	Guang Yee	11 Implemented
Multi-factor-authentication	Multi-factor-authentication	3 Medium	Guang Yee	11 Implemented