[openstack-dev] [Keystone] Trust Specification Updated

Bhandaru, Malini K malini.k.bhandaru at intel.com
Tue Dec 4 11:19:25 UTC 2012

Hello Adam!

Not surprised that this is morphing into something like certificates, and chains and revocations! :-)
Good work!

What do you mean by arbitrary attributes in phase-2?

Would we ever log tokens? If yes, might it not be possible for the wily log reader to re-create token objects
and misuse the system?


-----Original Message-----
From: David Chadwick [mailto:d.w.chadwick at kent.ac.uk] 
Sent: Tuesday, December 04, 2012 2:48 AM
To: Adam Young
Cc: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Keystone] Trust Specification Updated

Hi Adam

In terms of delegation duration, it is more common to specify a start time (defaults to now) and an end time (defaults to infinity) rather than a delta (which implies a start time of now in every case).



On 04/12/2012 04:16, Adam Young wrote:
> On 12/03/2012 04:19 PM, David Chadwick wrote:
>> Hi Adam
>> yes this is nice work. I have added a few minor mods to the wiki 
>> version to pick up a few missing pieces. I have annotated these with 
>> <David> so that you can easily spot them
> Good changes all.  I took two of them pretty much as is (DELETE  and 
> the optional fields).  I also added this 
> http://wiki.openstack.org/Keystone/Trusts#Token_Format_Changes to 
> account for tracking the chain of responsibility.
>> regards
>> David
>> On 03/12/2012 16:34, Adam Young wrote:
>>> I realize we have had a little bit of disagreement on what to call 
>>> this.  I am going to continue to call it "Trusts" as it is a subset 
>>> of the set of mechanisms for delegation.
>>> I've wikified the Specification.  Big thanks to David Chadwick for 
>>> making this a much better spec.
>>> http://wiki.openstack.org/Keystone/Trusts
>>> Blueprint is still at
>>> https://blueprints.launchpad.net/keystone/+spec/trusts
>>> I will continue to work on this, to include, for example, how to 
>>> specify duration and start times, but there should be enough here 
>>> for people to understand.
>>> My initial write up:
>>> http://adam.younglogic.com/2012/10/preauthorization-in-keystone/
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
