Re: [openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-04 Thread David Chadwick
If delegation (trusts) were enhanced to be role based, then anyone with the same role as the initial delegator should be able to revoke the delegation.

regards David

On 04/09/2013 05:02, Clint Byrum wrote: Excerpts from Dolph Mathews's message of 2013-09-03 16:12:00 -0700: On Tue, Sep 3,

Re: [openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-04 Thread Steven Hardy
On Tue, Sep 03, 2013 at 06:12:00PM -0500, Dolph Mathews wrote: On Tue, Sep 3, 2013 at 5:52 PM, Steven Hardy sha...@redhat.com wrote: Hi, I have a question for the keystone folks re the expected behavior when deleting a trust. Is it expected that you can only ever delete a trust as

Re: [openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-04 Thread Steven Hardy
On Wed, Sep 04, 2013 at 09:49:48AM +0100, Steven Hardy wrote: This final step is the problematic step - atm (unless I'm making a mistake, which as previously proven is entirely possible! ;) it seems that it's impossible for anyone except the trustor to delete the trust, even if we impersonate

Re: [openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-04 Thread David Chadwick
You can always do anything by impersonating the user. This is why impersonation should never be sanctioned.

david

On 04/09/2013 11:45, Steven Hardy wrote: Ok, apologies, after further testing, it appears I made a mistake and you *can* delete the trust by impersonating the user.

Re: [openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-03 Thread Dolph Mathews
On Tue, Sep 3, 2013 at 5:52 PM, Steven Hardy sha...@redhat.com wrote: Hi, I have a question for the keystone folks re the expected behavior when deleting a trust. Is it expected that you can only ever delete a trust as the user who created it, and that you can *not* delete the trust when

[openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-03 Thread Steven Hardy
Hi, I have a question for the keystone folks re the expected behavior when deleting a trust. Is it expected that you can only ever delete a trust as the user who created it, and that you can *not* delete the trust when impersonating that user using a token obtained via that trust? The reason

Re: [openstack-dev] [keystone][heat] Question re deleting trusts via trust token

2013-09-03 Thread Clint Byrum
Excerpts from Dolph Mathews's message of 2013-09-03 16:12:00 -0700: On Tue, Sep 3, 2013 at 5:52 PM, Steven Hardy sha...@redhat.com wrote: Hi, I have a question for the keystone folks re the expected behavior when deleting a trust. Is it expected that you can only ever delete a trust