The possible attack is someone forging the querystring value to a dashboard URL that has its own security problem. Specifice an unvalidated redirect or forward. At this point I don't they that Horizon has this problem, but it's possible that a cloud deploys their own dashboard.
I thought it was worth mentioning because in this case the security of this particular operation seems to be dependent on Keystone and the dashboard.
The possible attack is someone forging the querystring value to a dashboard URL that has its own security problem. Specifice an unvalidated redirect or forward. At this point I don't they that Horizon has this problem, but it's possible that a cloud deploys their own dashboard.
I thought it was worth mentioning because in this case the security of this particular operation seems to be dependent on Keystone and the dashboard.