[openstack-dev] [cross-project] "Admin" ness not properly scoped

Adam Young ayoung at redhat.com
Fri Jul 24 17:33:41 UTC 2015

On 07/24/2015 05:10 AM, Thierry Carrez wrote:
> Adam Young wrote:
>> [...]
>> There should be no  "Global Admin Tokens."  They are a security risk,
>> and violate the principal of Least Privilege.
>> https://en.wikipedia.org/wiki/Principle_of_least_privilege.
> Thanks for taking on this long-standing issue.
> Should we have some cross-project spec to scope the work needed in the
> various projects and track overall acceptance of the plan ?

Yes, the is appropriate:



More information about the OpenStack-dev mailing list