Colleen Murphy and Lance Bragstad share stats for the Stein cycle and talk about what’s onboard for Train.


At the Open Infrastructure Summit in Denver, project team leads (PTLs) and core team members offered updates for the OpenStack projects they manage, what’s new for this release and what to expect for the next one, plus how you can get involved and influence the roadmap.

Superuser features summaries of the videos; you can also catch them on the OpenStack Foundation YouTube channel.


Keystone is an OpenStack project that provides identity, token, catalog and policy services. It’s a shared service for authentication and authorization broker between OpenStack and other identity services.


Current PTL Colleen Murphy, who works at SUSE as a cloud developer and Lance Bragstad, Huawei, former PTL.

What’s new

They started by sharing some metrics from the Rocky to Stein release.

“We noticed a pretty significant uptick in the number of commits — 73 percent — these are patches that were proposed, reviewed and landed during the Stein development cycle to any Keystone-related project or repository,” Bragstad says.

The team also noticed a slight uptick in the number of people who landed a patch. More commits equals more reviews, “which is why you’re seeing a 42 percent increase from Rocky,” Bragstad adds. “We did notice our core team was reduced by a third,” Bragstad says. There was also a 60 percent increase in the number of bugs opened against identity-related projects — but community members also managed to double the number of bugs squashed.

The pair outlined what the community delivered in the Stein release:

  • MFA Receipts
  • JWS tokens
  • Domain-level quota limits
  • System scope APIs
  • Read-only role

What’s next

There’s an impressive amount of work expected to deliver with the upcoming release, Train:

  • Access rules for application credentials
  • Renewable application credentials
  • Client support for MFA receipts
  • System scope policy changes were completed
  • Read-only role implementation polished
  • Immutable resources

The team also already has in sight features and improvements for upcoming releases, including:

  • Federation and edge improvements
  • Identity provider proxy
  • Hierarchical enforcement models for unified limits
  • Enhance tokenless authentication

Cross-project initiatives include adoption of unified limits,properly consuming scope types and default roles support.

Get involved

Use Ask OpenStack for general questions
For roadmap or development issues, subscribe to the mailing list openstack-discuss at and use the tag [keystone]
Participate in the weekly meeting, Tuesdays at 1600 UTC in #openstack-meeting-alt

Catch the whole 15-minute session below.

Photo // CC BY NC