yahoo-eng-team team mailing list archive

Thread
Date

[Bug 943488] Re: (feature request) allow multiple credentials per user for phased credential rotation

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Mon, 11 Mar 2013 09:11:00 -0000
Reply-to: Bug 943488 <943488@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/943488

Title:
  (feature request) allow multiple credentials per user for phased
  credential rotation

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  In order to change the credentials for a running application, it is
  useful to be able to have multiple active credentials for a given user
  account.  It allows the following procedure for credential rotation:

  * create new credential
  * change client configuration to use new credential
  * revoke old credential

  In large production enviromnents, it is often infeasible to change all
  the clients at once, requiring a slow shift from the old to the new
  credential.  Amazon describes this approach here:
  http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#CredentialRotation

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/943488/+subscriptions