The Keystone service

The Keystone service provides identity and service cataloging in OpenStack. All other services in OpenStack must register with Keystone with their API endpoints. Keystone thus keeps a catalog of various services running in your OpenStack cloud that can be queried using the Keystone REST APIs.

Keystone also maintains a policy engine which provides rule-based access and authorization of services.

The Keystone service itself is composed of multiple providers that work in conjunction with each other. Each of these providers implements a concept in the Keystone architecture:

• Identity
• Resource
• Authorization
• Token
• Catalog
• Policy