Bug 1041959 - [RFE][keystone]: Enable limited trust chaining
Summary: [RFE][keystone]: Enable limited trust chaining
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Upstream M3
: 5.0 (RHEL 7)
Assignee: RHOS Maint
QA Contact: Udi Kalifon
URL: https://blueprints.launchpad.net/keys...
Whiteboard: upstream_milestone_icehouse-3 upstrea...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-12 20:18 UTC by RHOS Integration
Modified: 2016-04-26 14:27 UTC (History)
7 users (show)

Fixed In Version: openstack-keystone-2014.1-4.el7ost
Doc Type: Enhancement
Doc Text:
Previously, Identity trusts allowed the trust to be used to issue tokens for an unlimited number of times as long as the trust was valid. This new feature adds the ability to specify the exact number of times that a trust can be used to issue tokens, allowing for uses such as a one-time use trust.
Clone Of:
Environment:
Last Closed: 2014-06-22 12:00:38 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2014:0854 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement - Identity 2014-07-08 19:22:33 UTC

Description RHOS Integration 2013-12-12 20:18:05 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/trusts-chained-delegation.

Description:

In HK we discussed adding support for limited trust chaining, such that a user may authorize a service to delegate on their behalf, via a decrementing counter (where the default would still be no chaining of delegation)

https://etherpad.openstack.org/p/icehouse-delegation
https://gist.github.com/dolph/7366031

Specification URL (additional information):

None

Comment 2 Stephen Gordon 2014-02-06 14:08:15 UTC
Updating based on BP milestone


Note You need to log in before you can comment on or make changes to this bug.