Prior to oVirt 3.5, authentication and authorization was implemented as
monolithic module, logic and schema was hard-coded, Kerberos was used for
authentication to LDAP server. It was very hard to support and it didn't contain
requested features like SSO or proper multi-domain setup.
In this session we will take a look at new extension API introduced in oVirt 3.5.
This API is designed to be stable (easy to extend without breaking backward
compatibility), simple (it's invoke based) and yet flexible (it allows extension
to extension communication and allows to write extensions in other languages
We will also take a look at the AAA (authentication, authorization, accounting)
extensions which leverages this API. Those extensions included in oVirt 3.5
allow to use generic LDAP or database for authentication and authorization or
allow SSO for UI and API part of oVirt.