[openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx in token validation
john.wood at RACKSPACE.COM
Wed Jun 3 22:58:55 UTC 2015
There has been discussion about adding user group support to the per-secret access control list (ACL) feature in Barbican. Hence secrets could be marked as accessible by a group on the ACL rather than an individual user as implemented now.
Our understanding is that Keystone does not pass along a user's group information during token validation however (such as in the form of X-Group-Ids/X-Group-Names headers passed along via Keystone middleware).
Would the community consider this a useful feature? Would the community consider adding this support to Liberty?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev