IDM-12: Single sign-on for XSEDE OpenStack resources

Executive Summary: 
An XSEDE-allocated researcher wants to be able to authenticate once using his/her XSEDE identity and subsequently have authenticated access to all of the available XSEDE OpenStack resources. (These services might include things such as a central object library (e.g. images, date, etc.), objects stored by that user on other service provider's resources, or cloud computing features such as elastic scheduling of instances.)
User Importance Summary: 
Researchers are increasingly using externally hosted ("cloud") virtual machines to extend their computing environments without requiring capital investment. If, at some point in the future, researchers begin using multiple XSEDE OpenStack API-accessible cloud resources to support single applications, they will want their applications to be able to authenticate once to obtain credentials that can be used for each OpenStack API instance. (This is highly speculative at this time.)
Target Communities and Sizes: 
Application developers who use multiple IaaS hosts - 1 < N < 9 Science gateways that use multiple IaaS hosts - 1 < N < 9