@Renat, I like the idea. For now we have a spec:
https://github.com/openstack/keystone-specs/blob/master/api/v3/identity-api-v3-os-trust-ext.rst
It's consiedered to be enough but as for me it lacks TL;DR section :)
On Thu, Feb 19, 2015 at 8:15 PM, Renat Akhmerov
wrote:
>
> On 19 Feb 2015, at 18:
> On 19 Feb 2015, at 18:32, Alexander Makarov wrote:
>
> @Renat, They are conceptually different:
> - regular tokens are created for the owner of addressed resource
> - trust scoped tokens are for trustees and have some security restrictions.
> The case is about disallowing a trustee to aquire a
@Renat, They are conceptually different:
- regular tokens are created for the owner of addressed resource
- trust scoped tokens are for trustees and have some security restrictions.
The case is about disallowing a trustee to aquire a regular token allowing
him anything the trustor is allowed. It'd
Hi,
> On 18 Feb 2015, at 23:54, Nikolay Makhotkin wrote:
>
> Nova client's CLI parameter 'bypass_url' helps me. The client's API also has
> 'management_url' attribute, if this one is specified - the client doesn't
> reauthenticate. Also the most of clients have 'endpoint' argument, so client
st (not for usage questions)" <
> openstack-dev@lists.openstack.org>
> > Sent: Tuesday, 17 February, 2015 4:00:05 AM
> > Subject: Re: [openstack-dev] [keystone] [trusts] [all] How trusts should
> work by design?
> >
> >
> https://blueprints.launchpad.net/
- Original Message -
> From: "Alexander Makarov"
> To: "OpenStack Development Mailing List (not for usage questions)"
>
> Sent: Tuesday, 17 February, 2015 4:00:05 AM
> Subject: Re: [openstack-dev] [keystone] [trusts] [all] How trusts s
Steve, I saw a couple of things in what you wrote that we might be doing wrong.
We’ll check them when we wake up and let you know what we discovered.
Thanks
Renat Akhmerov
@ Mirantis Inc.
> On 16 Feb 2015, at 21:47, Steven Hardy wrote:
>
> On Mon, Feb 16, 2015 at 09:02:01PM +0600, Renat Ak
https://blueprints.launchpad.net/keystone/+spec/trust-scoped-re-authentication
On Mon, Feb 16, 2015 at 7:57 PM, Alexander Makarov
wrote:
> We could soften this limitation a little by returning token client tries
> to authenticate with.
> I think we need to discuss it in community.
>
> On Mon, Fe
We could soften this limitation a little by returning token client tries to
authenticate with.
I think we need to discuss it in community.
On Mon, Feb 16, 2015 at 6:47 PM, Steven Hardy wrote:
> On Mon, Feb 16, 2015 at 09:02:01PM +0600, Renat Akhmerov wrote:
> >Yeah, clarification from keysto
On Mon, Feb 16, 2015 at 09:02:01PM +0600, Renat Akhmerov wrote:
>Yeah, clarification from keystone folks would be really helpful.
>If Nikolaya**s info is correct (I believe it is) then I actually dona**t
>understand why trusts are needed at all, they seem to be useless. My
>assumpti
Yeah, clarification from keystone folks would be really helpful.
If Nikolay’s info is correct (I believe it is) then I actually don’t understand
why trusts are needed at all, they seem to be useless. My assumption is that
they can be used only if we send requests directly to OpenStack services (
Hello,
Decided to start a new thread due to too much technical details in old
thread.
(You can see thread *[openstack-dev] [keystone] [nova]* )
*The problem:* Trusts can not be used to retrieve a token for further work
with python-client.
I made some research for trust's use cases. The main goal
12 matches
Mail list logo