On 12/24/2015 03:20 AM, 大塚元央 wrote:
> Hi, Hua.
>
> I agree with you if trust_id is secret.
> But I think trust_id is not a secret.

This is not correct. Trust ID is only usable by the trustee user to get a token, and does not need to be treated as a secret.

> User can know trustee_user_name and trustee_password from k8s/swarm
> instances.
> If a user knows about another user's trust_id, the user can use the other
> user's swift resources.
> This will be a security risk.
> Thanks
> -yuanying
>
> Thu, Dec 24, 2015 16:49 王华 <wanghua.humble at gmail.com>:
>
>     Hi all,
>
>     I want to create a trustee user for each bay [1]. The discussion
>     for trust is in [2].
>
>     Here is my solution:
>     I don't create a user for each bay. All the bays, no matter who
>     creates them, use the same user.
>     But we create a different trust for the user for different bays. The
>     user cannot access any service without the trust id. So there is
>     no need to create a user for each bay.
>
>     [1] https://blueprints.launchpad.net/magnum/+spec/create-trustee-user-for-each-bay
>     [2] https://review.openstack.org/#/c/254705/
>
>     Regards,
>     Wanghua
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
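
The two designs discussed in this thread, as an added example that is not part of any message and is not Keystone or Magnum code: a simplified model in which only the trustee can redeem a trust_id, comparing one trustee shared by all bays with one trustee per bay. The class, user names, passwords and trust IDs are constructed for illustration.

```python
# Simplified model of trust-scoped token issuance; not Keystone or Magnum code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trust_id: str
    trustor: str   # bay owner who delegates access
    trustee: str   # the only user allowed to consume the trust
    project: str   # trustor's project the token will be scoped to


class IdentityModel:
    def __init__(self):
        self.passwords = {}
        self.trusts = {}

    def add_user(self, name, password):
        self.passwords[name] = password

    def add_trust(self, trust):
        self.trusts[trust.trust_id] = trust

    def trust_token(self, user, password, trust_id):
        """Return the project a trust-scoped token grants, or None if denied."""
        if self.passwords.get(user) != password:
            return None            # authentication failed
        trust = self.trusts.get(trust_id)
        if trust is None or trust.trustee != user:
            return None            # only the trustee may consume the trust
        return trust.project


def build(shared_trustee):
    """Two bays owned by alice and bob (constructed names and values)."""
    idm = IdentityModel()
    creds = {}
    for owner in ("alice", "bob"):
        trustee = "magnum_trustee" if shared_trustee else f"trustee_{owner}"
        idm.add_user(trustee, f"pw-{trustee}")
        idm.add_trust(Trust(f"trust-{owner}", owner, trustee, f"project-{owner}"))
        # What the bay's instances hold, readable by the bay owner.
        creds[owner] = (trustee, f"pw-{trustee}")
    return idm, creds


def cross_bay_access(shared_trustee):
    """Can alice's bay credentials consume bob's trust_id?"""
    idm, creds = build(shared_trustee)
    user, password = creds["alice"]
    return idm.trust_token(user, password, "trust-bob")
```

With a shared trustee the trustee check passes for every bay's trust, so isolation rests entirely on trust_id staying unknown; with one trustee per bay the same request is denied even when the trust_id is known.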