By storing secret keys inside Keystone, other services can use those keys to encrypt per-user data. In this way a security breach (e.g. a database leak) won't leak any sensitive information. Further, these secret keys can themselves be stored in an encrypted form inside Keystone, such that a Keystone database leak won't leak the secure keys either. Right now I have my own version of Keystone that implements this; I'd like to discuss how it works, and see if we can get similar functionality into the official Keystone server. (Session lead is justinsb)
Monday April 16, 2012 12:00pm - 12:25pm PDT
Seacliff C