> On 19 Feb 2015, at 18:32, Alexander Makarov <amaka...@mirantis.com> wrote:
> 
> @Renat, They are conceptually different:
> - regular tokens are created for the owner of addressed resource
> - trust scoped tokens are for trustees and have some security restrictions.
> The case is about disallowing a trustee to aquire a regular token allowing 
> him anything the trustor is allowed. It'd be an exploit.


Alexander,

Thanks for explanations. I kind of get the general idea, yes. What is best 
source where we could go and read in details about that? The only page I was 
able to find is https://wiki.openstack.org/wiki/Keystone/Trusts 
<https://wiki.openstack.org/wiki/Keystone/Trusts> but it would be nice if 
something more tutorial-like existed.

Renat Akhmerov
@ Mirantis Inc.

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to