[openstack-dev] [OSSG] [keystone] Trusts: delegation and impersonation
Bryan D. Payne
bdpayne at acm.org
Sat Mar 16 21:03:21 UTC 2013
> If you think I am way off beam, please say

I don't think you're way off base. And yet, I do appreciate Gabriel's
comments here too. As a member of OSSG, I was just brought into this
discussion somewhat recently. My goal here isn't to rehash all of
what has been said in the past. Rather, I would like to see what can
be done to improve on this feature -- and others -- from a security
viewpoint for future releases.

For this particular feature, I propose that we step back and draw up a
state diagram so that we can all be on the same page with regards to
what is happening and why. From there, we can more easily have a
constructive discussion about how to improve it, if needed. Dolph,
could you take a first pass at putting this together?

I do believe that work needs to be done within the OpenStack community
to improve security. Compensating controls, while useful, are not
always enough. I am most certainly interested in taking concrete
steps forward in the right direction. Even if they start out small.
And I acknowledge that this is hard because it involves process as
much as it does code. But I'm open to suggestions for where to start :-)

Cheers,
-bryan