[openstack-dev] [Openstack] Fwd: [keystone] Tokens representing authorization to projects/tenants in the Keystone V3 API

Nathanael Burton nathanael.i.burton at gmail.com
Sun Oct 21 17:06:21 UTC 2012


On Oct 21, 2012 12:11 PM, "Joe Savak" <joe.savak at rackspace.com> wrote:
>
> +1. ;)
>
> So the issue is that the v2 API contract allows a token to be scoped to
multiple tenants. For v3, I'd like to have the same flexibility. I don't
see security issues, as if a token were to be sniffed you can change the
password of the account using it and use those creds to scope tokens to any
tenant you wish.
>

Isn't that a security issue in and of itself? Shouldn't we force re-auth to
change the password?

Nate
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121021/dad50c47/attachment.html>


More information about the OpenStack-dev mailing list