Keystone "scoped tokens" imply better security isolation than is actually implemented

Bug #1341816 reported by Robert Clark on 2014-07-14
This bug affects 1 person
Affects: OpenStack Security Notes
Importance: High
Assigned to: Robert Clark

Bug Description

Scoped tokens are not endpoint bound, not matching user expectations.

A fix is in flight but won't be complete for some time and it may be useful to have an OSSN to provide guidance on the issue.

Consult with Nathan Kinder for more information.

Priti Desai (priti-desai) wrote :

I will take it up. Nathan, let's have a discussion on this. Thanks!!!

Changed in ossn:
assignee: nobody → Priti Desai (priti-desai)
Changed in ossn:
status: New → In Progress
importance: Undecided → High
Nathan Kinder (nkinder) wrote :

This note is related to the existing behavior that is described in this write-up:

    https://blog-nkinder.rhcloud.com/?p=101

Priti Desai (priti-desai) wrote :

Potential title: Keystone bearer tokens imply better security isolation than is actually implemented (OOSN-0025)

Nathan Kinder (nkinder) on 2014-10-23
Changed in ossn:
assignee: Priti Desai (priti-desai) → nobody
status: In Progress → New
Changed in ossn:
assignee: nobody → Robert Clark (robert-clark)
Nathan Kinder (nkinder) wrote :

This has been published as OSSN-0042 to the openstack and openstack-dev mailing lists:

  https://wiki.openstack.org/wiki/OSSN/OSSN-0042

Changed in ossn:
status: New → Fix Released