Comment 4 for bug 2048111

I'm good with treating this as a hardening opportunity, and I also don't think an embargo is warranted. I think the mitigation will be in Keystone as that is where the field is defined [1] but we would probably need some client side validation within Horizon as well.

/ Dave

[1]: https://opendev.org/openstack/keystone/src/branch/master/keystone/common/validation/parameter_types.py#L54-L56