Include groups in scoped federated tokens

Registered by Marek Denis

Group ids should be stored in project/domain scoped tokens, as such tokens are the snapshot of the 'identity' (along with dynamically calculated groups) and no information can be retrieved from other places than the token itself. By not putting such groups in the token we risk losing information about the ephemeral user.

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: Marek Denis
Direction: Needs approval
Assignee: Marek Denis
Definition: New
Series goal: None
Implementation: Implemented
Milestone target: None
Started by: Steve Martinelli
Completed by: Steve Martinelli

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/groups-in-federated-scoped-tokens,n,z

Addressed by (keystone): https://review.openstack.org/207167
    Add groups in scoped federated tokens

Addressed by (keystone-specs): https://review.openstack.org/207159
    Include groups in federated scoped tokens

Addressed by: https://review.openstack.org/202176
    Fernet payloads for federated scoped tokens.

Addressed by: https://review.openstack.org/207785
    Refactor _populate_roles_for_groups()

Addressed by: https://review.openstack.org/208872
    Refactor: Provider._rebuild_federated_info()

Addressed by: https://review.openstack.org/202190
    Refactor: rename Fernet's unscoped federated payload

stevemar: 2016-02-02: this has been completed and in the Liberty release

Addressed by: https://review.openstack.org/279922
    Add groups in scoped federated tokens
