On Oct 21, 2012 12:11 PM, "Joe Savak" <joe.sa...@rackspace.com> wrote: > > +1. ;) > > So the issue is that the v2 API contract allows a token to be scoped to multiple tenants. For v3, I'd like to have the same flexibility. I don't see security issues, as if a token were to be sniffed you can change the password of the account using it and use those creds to scope tokens to any tenant you wish. >
Isn't that a security issue in and of itself? Shouldn't we force re-auth to change the password? Nate
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
