Generally looks really good... one question though, sparked by the sentence "The trustor ID is implied from the creating users ID." Nowhere in that document does it describe the breakdown between the standard interface (port 5000) vs. the administrative interface (port 35357). What capabilities (or lack thereof) does a user with administrative access have in this system, and can we make that more explicit?
Thanks,
- Gabriel
> -----Original Message-----
> From: Adam Young [mailto:ayoung at redhat.com]
> Sent: Monday, December 03, 2012 8:35 AM
> To: OpenStack Development Mailing List
> Subject: [openstack-dev] [Keystone] Trust Specification Updated
>
> I realize we have had a little bit of disagreement on what to call this. I am
> going to continue to call it "Trusts" as it is a subset of the set of mechanisms
> for delegation.
>
> I've wikified the Specification. Big thanks to David Chatwick for making this a
> much better spec.
>
> http://wiki.openstack.org/Keystone/Trusts
>
> Blueprint is still at
>
> https://blueprints.launchpad.net/keystone/+spec/trusts
>
>
> I will continue to work on this, to include, for example, how to specifiy
> duration and start times, but there should be enough here for people to
> understand.
>
> My initial write up:
>
> http://adam.younglogic.com/2012/10/preauthorization-in-keystone/
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev