[openstack-dev] Trusts and Explicit Impersonation

Mark Washenberger mark.washenberger at markwash.net
Sat Dec 8 04:53:12 UTC 2012


Hi auth guys!

As we continue to make progress towards large service providers exposing
their Glance deployments as public services, one critical feature we need
to support is the ability to limit certain actions (mostly image uploads,
also possibly image downloads) to use by Nova or other trusted services,
and restrict users from taking those actions directly. Of course, this
feature would only be turned on by configuration, and not likely by default.

I had figured we could do this using some features piggy-backed on keystone
pki, and documented the use case in this blueprint:
https://blueprints.launchpad.net/keystone/+spec/keystone-explicit-impersonation

I've been following the discussion of Keystone Trusts with interest, and
some questions have presented themselves. Is there some way we could
manipulate the Trust mechanism to provide the auth feature Glance needs?
Another (scarier for me) question: does the Trusts proposal conflict with
my feature request?

Thanks!
Mark