OpenStack Identity (keystone)

Unify delegate token identification

Bug #1211965 reported by Adam Young on 2013-08-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Invalid	Wishlist	Unassigned

Bug Description

Trusts and OAuth both create delegated tokens that should not be allowed to create additional tokens. But they are marked in separate ways. We should unify the trusts and oauth tokens to both be labeled the same way, and have unified token processing that prevents them from being allowed to create new tokens.

Revision history for this message

Morgan Fainberg (mdrnstm) wrote on 2014-09-21:

This isn't really a bug, we do handle these in a fairly consistent way, we set 'is_delegated' in the authorization module. This could be further improved on down the line.

Changed in keystone:
status:	New → Confirmed

Revision history for this message

Steve Martinelli (stevemar) wrote on 2014-09-21:

This was filed before the 'is_delegated' tag was set for both delegated auth methods. IMO this can be marked as invalid. If there additional work needed, then we should create a spec.

Revision history for this message

Steve Martinelli (stevemar) wrote on 2016-02-21:

refer to https://blueprints.launchpad.net/keystone/+spec/unified-delegation

Changed in keystone:
status:	Confirmed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.