create tokens scoped to endpoints

Bug #1070637 reported by Adam Young
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Invalid
Importance: Wishlist
Assigned to: Unassigned
Milestone: (none)

Bug Description

When creating a token, allow the user to specify a set of endpoints that will be included in the service catalog for that token. During token validation, only the endpoints listed in the token will be considered valid: if the endpoint evaluating the token is not listed, the token is not considered valid.

Tags: blueprint
Adam Young (ayoung)
Changed in keystone:
assignee: nobody → Adam Young (ayoung)
Joseph Heck (heckj) wrote :

this maps to discussions related to future work - should be a blueprint...

tags: added: blueprint
Changed in keystone:
status: New → Triaged
importance: Undecided → Wishlist
Dolph Mathews (dolph) wrote :

Endpoint IDs or service types?

We've had some relatively unproductive discussions in the past about auth_token being aware of the endpoint_id it's protecting -- it's unnecessary config or will require fragile auto-detection code by taking a guess from a catalog response.

Scoping to service type seems like a great first step towards more granular control.
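
The validation rule from the bug description, and the endpoint-ID versus service-type choice raised in the comment above, as an added example that is not part of this bug thread and is not keystone code. The `Endpoint` class, the sample catalog, and the `issue_token` and `accepts` functions are hypothetical names, and the token is a plain dict rather than a real keystone token.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    id: str            # constructed ID, not a real keystone endpoint
    service_type: str  # e.g. "compute", "image"


# Constructed sample catalog: two compute endpoints and one image endpoint.
CATALOG = (
    Endpoint("ep-compute-a", "compute"),
    Endpoint("ep-compute-b", "compute"),
    Endpoint("ep-image-a", "image"),
)


def issue_token(user, requested_ids, catalog=CATALOG):
    """Return a token whose service catalog holds only the requested endpoints."""
    known = {e.id: e for e in catalog}
    unknown = sorted(set(requested_ids) - set(known))
    if unknown:
        raise ValueError(f"unknown endpoint(s): {unknown}")
    return {"user": user, "catalog": tuple(known[i] for i in requested_ids)}


def accepts(token, me, scope="endpoint_id"):
    """Decide whether the endpoint `me` should honour `token`.

    scope="endpoint_id": `me` itself must be listed in the token, so the
    validating service has to be told (or has to detect) its own endpoint ID.
    scope="service_type": any endpoint of a listed service type accepts.
    A missing or empty catalog matches nothing, so the check fails closed.
    """
    listed = token.get("catalog", ())
    if scope == "endpoint_id":
        return any(e.id == me.id for e in listed)
    if scope == "service_type":
        return any(e.service_type == me.service_type for e in listed)
    raise ValueError(f"unknown scope mode: {scope}")


if __name__ == "__main__":
    token = issue_token("alice", ["ep-compute-a"])
    for ep in CATALOG:
        print(ep.id, accepts(token, ep), accepts(token, ep, "service_type"))
```

With service-type scoping, the token issued for `ep-compute-a` is also accepted by `ep-compute-b`; only endpoint-ID scoping pins the token to a single endpoint.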

Dolph Mathews (dolph) wrote :

Unassigning due to inactivity.

Changed in keystone:
assignee: Adam Young (ayoung) → nobody
Steve Martinelli (stevemar) wrote :

this is a blueprint/spec

Changed in keystone:
status: Triaged → Invalid