On 07/04/14 12:52, Michael Elder wrote: > > > I think the net of the statement still holds though: the Keystone > token mechanism defines a mechanism for authorization, why doesn't the > heat stack manage a token for any behavior that requires authorization? Heat does use a token, but that token is associated with a user which can only perform limited operations on one heat resource. This reduces the risk that an unauthorized action can be performed due to using some form of shared user.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev