[openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx in token validation

John Wood john.wood at RACKSPACE.COM
Wed Jun 3 22:58:55 UTC 2015

Hello folks,

There has been discussion about adding user group support to the per-secret access control list (ACL) feature in Barbican. Hence secrets could be marked as accessible by a group on the ACL rather than an individual user as implemented now.

Our understanding is that Keystone does not pass along a user's group information during token validation however (such as in the form of X-Group-Ids/X-Group-Names headers passed along via Keystone middleware).

Would the community consider this a useful feature? Would the community consider adding this support to Liberty?

Thank you,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150603/b83b0ed7/attachment.html>

More information about the OpenStack-dev mailing list