[openstack-dev] [keystone][barbican] Regarding exposing X-Group-xxxx in token validation
John Wood
john.wood at RACKSPACE.COM
Wed Jun 3 22:58:55 UTC 2015
Hello folks,
There has been discussion about adding user group support to the per-secret access control list (ACL) feature in Barbican. Hence secrets could be marked as accessible by a group on the ACL rather than an individual user as implemented now.
Our understanding is that Keystone does not pass along a user's group information during token validation however (such as in the form of X-Group-Ids/X-Group-Names headers passed along via Keystone middleware).
Would the community consider this a useful feature? Would the community consider adding this support to Liberty?
Thank you,
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150603/b83b0ed7/attachment.html>
More information about the OpenStack-dev
mailing list