Comment 1 for bug 1805366

Lance Bragstad (lbragstad) wrote :

We talked about this during the keystone virtual midcycle and wanted to note that the domain config API also has an API/policy that allows users to pull password security requirements for a domain.

This API and policy should be updated to also support domain-scoped tokens. Otherwise, the entire domain config API is system-specific and should remain that way in the future for security reasons (a domain admin shouldn't be able to set deployment configuration).

https://opendev.org/openstack/keystone/src/branch/master/keystone/common/policies/domain_config.py#L74-L101