> On 19 Feb 2015, at 18:32, Alexander Makarov <amakarov at mirantis.com> wrote: > > @Renat, They are conceptually different: > - regular tokens are created for the owner of addressed resource > - trust scoped tokens are for trustees and have some security restrictions. > The case is about disallowing a trustee to aquire a regular token allowing him anything the trustor is allowed. It'd be an exploit. Alexander, Thanks for explanations. I kind of get the general idea, yes. What is best source where we could go and read in details about that? The only page I was able to find is https://wiki.openstack.org/wiki/Keystone/Trusts <https://wiki.openstack.org/wiki/Keystone/Trusts> but it would be nice if something more tutorial-like existed. Renat Akhmerov @ Mirantis Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150219/438405a3/attachment.html>