This is a pretty antiquated presentation. Plenty of stuff has changed in openstack since it was given, for better and for worse. But it gives you an idea that the origins of OpenStack were built with security in mind. When at NASA we had some pretty good security and policy guys contributing heavily to the sprint planning sessions we had. The result was a code base that was fairly flexible when it came to adjusting itself to meet policy requirements.