Keystone "scoped tokens" imply better security isolation than is actually implemented

Bug #1341816 reported by Robert Clark
Affects: OpenStack Security Notes
Status: Fix Released
Importance: High
Assigned to: Robert Clark

Bug Description

Scoped tokens are not endpoint bound, not matching user expectations.

A fix is in flight but won't be complete for some time and it may be useful to have an OSSN to provide guidance on the issue.

Consult with Nathan Kinder for more information.

Priti Desai (priti-desai) wrote :

I will take it up. Nathan, let's have a discussion on this. Thanks!!!

Changed in ossn:
assignee: nobody → Priti Desai (priti-desai)
Changed in ossn:
status: New → In Progress
importance: Undecided → High
Nathan Kinder (nkinder) wrote :

This note is related to the existing behavior that is described in this write-up:

    https://blog-nkinder.rhcloud.com/?p=101

Priti Desai (priti-desai) wrote :

Potential title: Keystone bearer tokens imply better security isolation than is actually implemented (OSSN-0025)

Nathan Kinder (nkinder)
Changed in ossn:
assignee: Priti Desai (priti-desai) → nobody
status: In Progress → New
Changed in ossn:
assignee: nobody → Robert Clark (robert-clark)
Nathan Kinder (nkinder) wrote :

This has been published as OSSN-0042 to the openstack and openstack-dev mailing lists:

  https://wiki.openstack.org/wiki/OSSN/OSSN-0042

Changed in ossn:
status: New → Fix Released