yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1216408] Re: oauth1 - consumer specifies roles instead of delegator

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 05 Sep 2013 09:26:00 -0000
Reply-to: Bug 1216408 <1216408@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1216408

Title:
  oauth1 - consumer specifies roles instead of delegator

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  From the mailing list [1]:

  > How does the delegate know which role to request? This is
  unintuitive. A delegator (rather than delegate) knows the role he
  wants to delegate. One would normally expect the delegator to request
  Keystone to delegate this role to the named delegate, rather than the
  delegate asking for a role to be delegated to it, since it requires an
  out of band communications between the delegator and delegate to take
  place before the delegation, in which the delegator tells the delegate
  its un/pw and the role it should ask for. This seems to be a rather
  contrived exchange of messages.

  This design fault is present in both the spec and the current
  implementation.

  [1]: http://lists.openstack.org/pipermail/openstack-
  dev/2013-June/010402.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1216408/+subscriptions