@Renat, I like the idea. For now we have a spec: https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-trust-ext.rst It's consiedered to be enough but as for me it lacks TL;DR section :)
On Thu, Feb 19, 2015 at 8:15 PM, Renat Akhmerov <[email protected]> wrote: > > On 19 Feb 2015, at 18:32, Alexander Makarov <[email protected]> wrote: > > @Renat, They are conceptually different: > - regular tokens are created for the owner of addressed resource > - trust scoped tokens are for trustees and have some security restrictions. > The case is about disallowing a trustee to aquire a regular token allowing > him anything the trustor is allowed. It'd be an exploit. > > > Alexander, > > Thanks for explanations. I kind of get the general idea, yes. What is best > source where we could go and read in details about that? The only page I > was able to find is https://wiki.openstack.org/wiki/Keystone/Trusts but > it would be nice if something more tutorial-like existed. > > Renat Akhmerov > @ Mirantis Inc. > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Kind Regards, Alexander Makarov, Senoir Software Developer, Mirantis, Inc. 35b/3, Vorontsovskaya St., 109147, Moscow, Russia Tel.: +7 (495) 640-49-04 Tel.: +7 (926) 204-50-60 Skype: MAKAPOB.AJIEKCAHDP
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
