In my previous post about security related updates that are coming in Juno, I mentioned that Keystone itself is a poor identity management solution. I feel that this is a topic that deserves a more thorough discussion. If you ask people familiar with OpenStack what Keystone’s purpose is, I’m willing to bet many of the answers include the term authentication. In my mind, Keystone’s main purpose i