Re: [openstack-dev] [openstack][magnum]Create trustee user for each bay

2016-01-04 Thread Adam Young
On 12/24/2015 03:20 AM, 大塚元央 wrote: Hi, Hua. I agree with you if trust_id is secret. But I think trust_id is not a secret. This is not correct. Trust ID is only usable by the trustee user to get a token, and does not need to be treated as a secret. User can know trustee_user_name and

Re: [openstack-dev] [openstack][magnum]Create trustee user for each bay

2015-12-24 Thread 王华
Hi yuanying, How can a user know about another user's trust_id? If the user can know the trust_id in another user's instance (maybe by logging in to the instance), then other secrets can be known, too. In this case, creating a different user for each bay also has a security risk. So I think the security is

Re: [openstack-dev] [openstack][magnum]Create trustee user for each bay

2015-12-24 Thread 大塚元央
Hi, Hua. I agree with you if trust_id is secret. But I think trust_id is not a secret. A user can know trustee_user_name and trustee_password from k8s/swarm instances. If a user knows about another user's trust_id, the user can use another user's swift resources. This will be a security risk. Thanks

[openstack-dev] [openstack][magnum]Create trustee user for each bay

2015-12-23 Thread 王华
Hi all, I want to create a trustee user for each bay [1]. The discussion for trust is in [2]. Here is my solution: I don't create a user for each bay. All the bays, no matter who creates them, use the same user. But we create different trusts for the user for different bays. The user cannot access