[Openstack] Allow keystone users to know their rights

Alexey Ababilov aababilov at griddynamics.com
Mon Jun 25 11:23:28 UTC 2012


Hi!

Currently, a user can obtain information about his rights (roles, tenants,
endpoints) only by saving the response to a POST /tokens query. If you are a
non-privileged user, have a token, and haven't saved the mentioned
response, you cannot know your rights - you have to make another POST
/tokens query and retrieve a new token.

However, if you are a keystone admin, you can GET /tokens/{token_id} and
retrieve extended information for the token of any user.

Is it a security measure? Would it be acceptable if an ordinary user were
allowed to get his token data at any moment? There could be a GET
/tokens/{token_id} call that returns data for a valid token_id or signals
that it is invalid.

-- 
Alessio Ababilov
Software Engineer
Grid Dynamics
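
A minimal model of the access rule the message asks about, added here as an example and not Keystone code or part of the original post: a caller may read the data of the token it presents, and only an admin may read any other token. The in-memory store, the function names and the status codes are assumptions made for illustration.

```python
import hmac
import time

# Constructed in-memory token store standing in for a real token backend.
TOKENS = {
    "tok-alice": {"user": "alice", "roles": ["Member"], "tenant": "demo", "expires": 4102444800},
    "tok-admin": {"user": "root", "roles": ["admin"], "tenant": "admin", "expires": 4102444800},
    "tok-old": {"user": "bob", "roles": ["Member"], "tenant": "demo", "expires": 1},
}

def _lookup(token_id, now):
    """Return token data if the id exists and has not expired, else None."""
    data = TOKENS.get(token_id)
    if data is None or data["expires"] <= now:
        return None
    return data

def get_token(auth_token, token_id, now=None):
    """Hypothetical model of GET /tokens/{token_id}; returns (status, body).

    auth_token is the token the caller authenticates with (the X-Auth-Token
    header), token_id is the token named in the URL.
    """
    now = time.time() if now is None else now
    caller = _lookup(auth_token, now)
    if caller is None:
        return 401, None  # caller's own token is unknown or expired
    is_self = hmac.compare_digest(auth_token.encode(), token_id.encode())
    if not is_self and "admin" not in caller["roles"]:
        # Same answer whether or not token_id exists, so a non-admin
        # cannot use the call to probe other users' tokens.
        return 403, None
    target = _lookup(token_id, now)
    if target is None:
        return 404, None  # only reachable by admins asking about another token
    return 200, {k: target[k] for k in ("user", "roles", "tenant", "expires")}
```

With this rule a non-privileged user learns nothing from the call that the original POST /tokens response did not already contain, and an invalid token of his own is signalled by the 401.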