IDM-12: Single sign-on across community OpenStack resources

Executive Summary: 
A researcher or educator (hereafter referred to as “the user”) wants to authenticate once using his/her community identity and subsequently have authenticated access to all of the available OpenStack resources in the community. (These services might include a central object library (e.g. images, data, etc.), objects stored by that user on other service providers' resources, or cloud computing features such as elastic scheduling of instances.)
User Importance Summary: 
Researchers are increasingly using externally hosted ("cloud") virtual machines to extend their computing environments without requiring capital investment. If, at some point in the future, researchers begin using multiple OpenStack API-accessible cloud resources to support single applications, they will want their applications to be able to authenticate once to obtain credentials that can be used for each OpenStack API instance. (This is highly speculative at this time.)
Target Communities and Sizes: 
Application developers who use multiple IaaS hosts - 1 < N < 10
Science gateways that use multiple IaaS hosts - 1 < N < 10