OpenStack Identity (keystone)

Enable limited trust chaining

Registered by Steven Hardy

In HK we discussed adding support for limited trust chaining, such that a user may authorize a service to delegate on their behalf, via a decrementing counter (where the default would still be no chaining of delegation)

https://etherpad.openstack.org/p/icehouse-delegation
https://gist.github.com/dolph/7366031

Blueprint information

Status:
Complete
Approver:
None
Priority:
Medium
Drafter:
None
Direction:
Needs approval
Assignee:
Matthieu Huin
Definition:
New
Series goal:
Accepted for icehouse
Implementation:
Implemented
Milestone target:
milestone icon 2014.1
Started by
Dolph Mathews
Completed by
Dolph Mathews

Related branches

Sprints

Whiteboard

Looks like this was spec'd in https://review.openstack.org/#/c/57481/ (merged)

https://review.openstack.org/#/c/56243/

https://review.openstack.org/#/c/57492/ (client side patch, abandoned)

Gerrit topic: https://review.openstack.org/#q,topic:bp/trusts-chained-delegation,n,z

Addressed by: https://review.openstack.org/56243
    Limited use trusts

(shardy) for some reason this is marked as implemented, but AFAICT the patch above does not implement what I described in the BP?

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

Nearby

This blueprint contains Public information 
Everyone can see this information.