On Fri, Feb 28, 2014 at 8:13 AM, <jang at ioctl.org> wrote: > The second would be to have a way for the nova process to extend proxy > credentials until such point as they are required by the post- stages. > I'll elide the potential security concerns over putting such an API call > into keystone, but it should probably be considered. > > This facility is already implemented in Keystone, it's called trusts[1]. [1] https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-trust-ext.md - Brant -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140228/e749926c/attachment.html>