Requests to the Quantum API can be authenticated with the OpenStack Keystone identity service using a token-based authentication protocol. This is optional, and is only needed for production deployments that expose the Quantum API directly to tenants. Deployments where tenants only contact the Nova API, and Nova communicates with Quantum using the Quantum Manager (see above), do not require Quantum to use Keystone.
Keystone integration is disabled by default, as Quantum does not yet provide authorization, meaning that NOTHING IS DONE with existing Keystone identities by Quantum, so for the time being this portion of the document is purely experimental.
