Include groups in scoped federated tokens
Group ids should be stored project/domain scoped tokens as such tokens are the snapshot of the 'identity' (along with dynamically calculated groups) and no information can be retriever from other places than the token itself. By not putting such groups in the token we risk a chance of losing information about ephemeral user.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Marek Denis
- Direction:
- Needs approval
- Assignee:
- Marek Denis
- Definition:
- New
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Steve Martinelli
- Completed by
- Steve Martinelli
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by (keystone): https:/
Add groups in scoped federated tokens
Addressed by (keystone-specs): https:/
Include groups in federated scoped tokens
Addressed by: https:/
Fernet payloads for federated scoped tokens.
Addressed by: https:/
Refactor _populate_
Addressed by: https:/
Refactor: Provider.
Addressed by: https:/
Refactor: rename Fernet's unscoped federated payload
stevemar: 2016-02-02: this has been completed and in the liberty release
Addressed by: https:/
Add groups in scoped federated tokens