| 2016-05-05 03:14:06 |
Matt Fischer |
bug |
|
|
added bug |
| 2016-05-05 04:23:42 |
Steve Martinelli |
keystone: importance |
Undecided |
Medium |
|
| 2016-05-05 04:23:46 |
Steve Martinelli |
keystone: status |
New |
Triaged |
|
| 2016-11-15 14:01:29 |
Steve Martinelli |
tags |
|
security |
|
| 2016-11-15 16:04:35 |
Steve Martinelli |
tags |
security |
caching security |
|
| 2016-12-03 03:13:14 |
David Stanek |
bug |
|
|
added subscriber David Stanek |
| 2018-06-03 23:34:30 |
Morgan Fainberg |
bug task added |
|
oslo.cache |
|
| 2018-06-03 23:34:40 |
Morgan Fainberg |
keystone: status |
Triaged |
Won't Fix |
|
| 2018-06-03 23:35:01 |
Morgan Fainberg |
oslo.cache: status |
New |
Confirmed |
|
| 2018-06-03 23:35:57 |
Morgan Fainberg |
summary |
keystone token cache should offer encryption like the middleware cache does |
cache should offer encryption in a similar manner to keystonemiddleware cache does |
|
| 2018-06-03 23:36:03 |
Morgan Fainberg |
oslo.cache: status |
Confirmed |
New |
|
| 2018-08-29 18:07:23 |
Ben Nemec |
oslo.cache: status |
New |
Confirmed |
|
| 2018-08-29 18:07:25 |
Ben Nemec |
oslo.cache: importance |
Undecided |
Wishlist |
|
| 2019-08-30 13:27:25 |
Lance Bragstad |
summary |
cache should offer encryption in a similar manner to keystonemiddleware cache does |
oslo.cache should offer encryption in a similar manner to keystonemiddleware cache |
|
| 2019-08-30 13:27:35 |
Lance Bragstad |
summary |
oslo.cache should offer encryption in a similar manner to keystonemiddleware cache |
oslo.cache should offer encryption in a similar manner to keystonemiddleware |
|
| 2019-09-04 16:52:17 |
Lance Bragstad |
description |
Keystone middleware's caching of tokens offers HMAC validation and encryption of the tokens in the cache. This is important because memcache has literally zero authentication or protection from any user on the system. So this feature should be ported in from keystone middleware into keystone. |
Keystone middleware's caching of tokens offers HMAC validation and encryption of the tokens in the cache. This is important because memcache has literally zero authentication or protection from any user on the system. So this feature should be ported in from keystone middleware into keystone.
Encrypted caching implementation: https://opendev.org/openstack/keystonemiddleware/src/commit/0a65b1420799e7c7f8736e9f6c234f755ab5ac6b/keystonemiddleware/auth_token/_cache.py#L254-L297
Caching configuration via ksm: https://opendev.org/openstack/keystonemiddleware/src/commit/0a65b1420799e7c7f8736e9f6c234f755ab5ac6b/keystonemiddleware/auth_token/_opts.py#L113-L122 |
|
