yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1259011] Re: Certificates cannot be retrieved from the V3 API

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1259011@xxxxxxxxxxxxxxxxxx>
Date: Mon, 09 Dec 2013 13:30:02 -0000
Reply-to: Bug 1259011 <1259011@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Isn't this exposed on v3 but not documented... again?

** Also affects: openstack-api-site
   Importance: Undecided
       Status: New

** Changed in: keystone
   Importance: Undecided => Wishlist

** Changed in: python-keystoneclient
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1259011

Title:
  Certificates cannot be retrieved from the V3 API

Status in OpenStack Identity (Keystone):
  New
Status in OpenStack API documentation site:
  New
Status in Python client library for Keystone:
  New

Bug description:
  Auth_token middleware relies upon the V2 api to provide the
  certificates that are required to validate PKI tokens because this
  information is not provided by the V3 API.

  Longer term i think we should be encouraging deployers to handle their
  own certificate distribution as fetching the certificates from the
  same source that is issuing tokens is not secure, however for the mean
  time we need some way of providing these certificates to token
  validators.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1259011/+subscriptions

References

[Bug 1259011] [NEW] Certificates cannot be retrieved from the V3 API
From: Jamie Lennox, 2013-12-09