Bug 1041959

Summary: [RFE][keystone]: Enable limited trust chaining
Product: Red Hat OpenStack
Reporter: RHOS Integration <rhos-integ>
Component: openstack-keystone
Assignee: RHOS Maint <rhos-maint>
Status: CLOSED CURRENTRELEASE
QA Contact: Udi Kalifon <ukalifon>
Severity: medium
Priority: medium
Version: unspecified
CC: aberezin, ayoung, breeler, markmc, nkinder, ukalifon, yeylon
Target Milestone: Upstream M3
Keywords: FutureFeature, Triaged
Target Release: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
URL: https://blueprints.launchpad.net/keystone/+spec/trusts-chained-delegation
Whiteboard: upstream_milestone_icehouse-3 upstream_status_implemented upstream_definition_new
Fixed In Version: openstack-keystone-2014.1-4.el7ost
Doc Type: Enhancement
Doc Text:
Previously, an Identity trust could be used to issue tokens an unlimited number of times for as long as the trust was valid. This new feature adds the ability to specify the exact number of times that a trust can be used to issue tokens, allowing for uses such as a one-time-use trust.
Last Closed: 2014-06-22 12:00:38 UTC

Description RHOS Integration 2013-12-12 20:18:05 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/trusts-chained-delegation.

Description:

In HK we discussed adding support for limited trust chaining, such that a user may authorize a service to delegate on their behalf, via a decrementing counter (where the default would still be no chaining of delegation).

https://etherpad.openstack.org/p/icehouse-delegation
https://gist.github.com/dolph/7366031

Specification URL (additional information):

None

Comment 2 Stephen Gordon 2014-02-06 14:08:15 UTC
Updating based on BP milestone