[Openstack] Keystone usernames conflicting with swift ACLs

Vincenzo Pii vinc.pii at gmail.com
Tue Oct 6 11:25:47 UTC 2015


OpenStack allows creation of users whose names contain characters such as
dots, commas, colons, etc.

What if a username such as "user,name" is used in an Object Storage ACL to
provide access to a container (e.g., field of the X-Container-Read header)?
That would grant read access to two users, "user" and "name".

A user could also have the name ".rlistings", which is a reserved term for
that container header.

Is there some sort of escaping defined to handle this?
Or a way to configure Keystone to validate user names according to certain
regexes?

Thanks,
Vincenzo.
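
The ambiguity described in the message, as an added example that is not part of the original post and is not Swift's or Keystone's own code: a simplified comma-splitting ACL model plus a pre-check that flags names that would not survive being placed in an ACL. The function names, the treatment of ":" as a separator, and the rule that any dot-prefixed name is reserved are assumptions made for illustration.

```python
import re

# Assumption: "," separates ACL entries (as the message describes) and ":"
# is treated here as a second separator character inside an entry.
ACL_SEPARATORS = re.compile(r"[,:]")


def build_acl(usernames):
    """Naive header construction: join names with commas, no escaping."""
    return ",".join(usernames)


def parse_acl(header_value):
    """Simplified model of the receiving side: split on commas and trim."""
    return [item.strip() for item in header_value.split(",") if item.strip()]


def round_trips(usernames):
    """True if the parsed ACL names exactly the users it was built from."""
    return parse_acl(build_acl(usernames)) == list(usernames)


def username_problems(name):
    """Return the reasons a name is unsafe to place in an ACL, if any."""
    problems = []
    if not name or name != name.strip():
        problems.append("empty or padded with whitespace that parsing drops")
    if ACL_SEPARATORS.search(name):
        problems.append("contains an ACL separator (',' or ':')")
    # Assumption: be conservative and treat every dot-prefixed name as
    # reserved, since ".rlistings" is a reserved ACL term.
    if name.strip().startswith("."):
        problems.append("collides with reserved dot-prefixed ACL terms")
    return problems


if __name__ == "__main__":
    # Constructed sample names, including the two from the message.
    for candidate in ["alice", "user,name", ".rlistings", "proj:bob"]:
        print(repr(candidate), "->", username_problems(candidate) or "ok")
    print("parsed:", parse_acl(build_acl(["user,name"])))
```

A check like `username_problems` can run wherever ACL headers are generated, so that a problematic name is rejected before it reaches the header rather than silently widening access.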