> On 19 Feb 2015, at 18:32, Alexander Makarov <amaka...@mirantis.com> wrote: > > @Renat, They are conceptually different: > - regular tokens are created for the owner of addressed resource > - trust scoped tokens are for trustees and have some security restrictions. > The case is about disallowing a trustee to aquire a regular token allowing > him anything the trustor is allowed. It'd be an exploit.
Alexander, Thanks for explanations. I kind of get the general idea, yes. What is best source where we could go and read in details about that? The only page I was able to find is https://wiki.openstack.org/wiki/Keystone/Trusts <https://wiki.openstack.org/wiki/Keystone/Trusts> but it would be nice if something more tutorial-like existed. Renat Akhmerov @ Mirantis Inc.
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev