Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/service-isolation-and-roles-delegation.

Description:

The current model for validating Keystone tokens by OpenStack services using the middleware does not provide sufficient isolation of services. Scoping of tokens to a tenant/project level is not sufficient to isolate services and to prevent services from using tokens issued by Keystone and scoped for a tenant to access the user’s resources on other services within the same tenant. Once the user passes a token to a service, the user loses control over how the token is used by that service. The services may use the tokens provided by a user to access other services and confidential information without the user’s knowledge. In some cases, this is desired behavior, where a service really needs to access some resources on another service on the user’s behalf. However, the end user must explicitly grant permission for the use of his/her token to access other services.

Specification URL (additional information): http://wiki.openstack.org/Keystone/Service-Isolation-And-Roles-Delegation
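The gap described above, as an added toy model that is not part of the blueprint and not Keystone code: the `Token` class, its `allowed_services` field, the function names and the service names are all assumptions made for illustration. It contrasts a tenant-only check with a check that also requires the user to have named the validating service.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    """Constructed stand-in for a tenant-scoped token (not a real Keystone token)."""
    user: str
    tenant: str
    # Hypothetical field: services the user explicitly allowed to accept this token.
    allowed_services: frozenset = frozenset()


def validate_tenant_only(token, tenant):
    """Model of the current behaviour: only the tenant scope is checked."""
    return token.tenant == tenant


def validate_service_bound(token, tenant, service):
    """Isolated model: the validating service must also be named in the token."""
    return token.tenant == tenant and service in token.allowed_services


def delegate(token, service):
    """The user explicitly grants one more service the right to accept the token."""
    return Token(token.user, token.tenant, token.allowed_services | {service})


def replay_outcomes():
    """'compute' receives the user's token and presents it to 'object-store'."""
    token = Token("alice", "tenant-a", frozenset({"compute"}))
    return {
        # Tenant scope alone: the forwarded token is accepted by the second service.
        "tenant_only": validate_tenant_only(token, "tenant-a"),
        # Service-bound: rejected, the user never named 'object-store'.
        "service_bound": validate_service_bound(token, "tenant-a", "object-store"),
        # Accepted only after the user delegates explicitly.
        "after_delegation": validate_service_bound(
            delegate(token, "object-store"), "tenant-a", "object-store"
        ),
    }


if __name__ == "__main__":
    for check, accepted in replay_outcomes().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```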