OpenStack Identity (keystone)

Allow Standalone Trusts without Trustee User

Registered by Johannes Grassler

Currently, Keystone trusts require a trustee user to delegate the trust to. This way they are only usable in a scenario where they are delegated to a service user or to a dedicated user created by a service user. This adds a lot of user administration overhead with little security benefit. This blueprint adds a way to tie a trust to a standalone API key that can be used to acquire a token scoped to the trust without requiring a user account.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Johannes Grassler
Direction:
Needs approval
Assignee:
Johannes Grassler
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
Morgan Fainberg

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:standalone-trusts,n,z

Addressed by: https://review.openstack.org/396634
    Added spec on standalone trusts

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.