yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #76852
[Bug 1814570] [NEW] Tokenless auth does not support system scope
Public bug reported:
One of the most useful features of X.509 tokenless is to enable services
to validate user tokens without having to obtain a service auth token.
However, with the migration to system scope, this feature is effectively
broken as the default policies had been updated to require a system-
scoped token for these operations. We'll need to update the X.509
tokenless feature to support system-scoped token. Perhaps this can also
be done by using a new header to convey the system scope intention?
** Affects: keystone
Importance: Undecided
Status: New
** Tags: x509
** Tags added: x509
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1814570
Title:
Tokenless auth does not support system scope
Status in OpenStack Identity (keystone):
New
Bug description:
One of the most useful features of X.509 tokenless is to enable
services to validate user tokens without having to obtain a service
auth token. However, with the migration to system scope, this feature
is effectively broken as the default policies had been updated to
require a system-scoped token for these operations. We'll need to
update the X.509 tokenless feature to support system-scoped token.
Perhaps this can also be done by using a new header to convey the
system scope intention?
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1814570/+subscriptions