It sounds like the fix should be that either Aodh always triggers the trust creation, or that Aodh validates the trust it is given. I think both are acceptable.
To validate the trust, Aodh should immediately activate the trust (use it to get a token) and, in the token request's response, check the value of the trustor, confirming it matches the expected user.
Blindly accepting any Trust ID this way is certainly an error.
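
The check proposed in the comment above, sketched as an added example (not Aodh's code and not part of the original comment). It assumes the Keystone v3 trust-scoped token format, where the response carries an `OS-TRUST:trust` section; the function names and all IDs are hypothetical and the sample response is constructed.

```python
class TrustValidationError(Exception):
    """Raised when a supplied trust does not belong to the expected user."""


def trust_scoped_auth_request(service_token, trust_id):
    """Body for POST /v3/auth/tokens that redeems trust_id as the trustee."""
    return {"auth": {
        "identity": {"methods": ["token"], "token": {"id": service_token}},
        "scope": {"OS-TRUST:trust": {"id": trust_id}},
    }}


def validate_trust_token(response_body, trust_id, expected_trustor_id):
    """Inspect the token issued for trust_id; return the trustor ID if it matches."""
    trust = response_body.get("token", {}).get("OS-TRUST:trust")
    if not isinstance(trust, dict):
        raise TrustValidationError("token is not trust-scoped")
    if trust.get("id") != trust_id:
        raise TrustValidationError("token was issued for a different trust")
    trustor = (trust.get("trustor_user") or {}).get("id")
    if not trustor or trustor != expected_trustor_id:
        raise TrustValidationError("trustor does not match the requesting user")
    return trustor


def is_trust_acceptable(response_body, trust_id, requester_id):
    """True only if the redeemed trust was created by the requesting user."""
    try:
        validate_trust_token(response_body, trust_id, requester_id)
        return True
    except TrustValidationError:
        return False


# Constructed sample of a token response body; all IDs are made up.
SAMPLE_RESPONSE = {"token": {
    "user": {"id": "user-alice"},
    "OS-TRUST:trust": {
        "id": "trust-1111",
        "impersonation": True,
        "trustor_user": {"id": "user-alice"},
        "trustee_user": {"id": "svc-alarming"},
    },
}}

if __name__ == "__main__":
    print(is_trust_acceptable(SAMPLE_RESPONSE, "trust-1111", "user-alice"))    # trustor matches
    print(is_trust_acceptable(SAMPLE_RESPONSE, "trust-1111", "user-mallory"))  # someone else's trust
```

The expected trustor must come from the authenticated request context, not from anything in the request body that the caller controls.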