** Changed in: keystone
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1268751
Title:
Potential token revocation abuse via group
An OSSN on this issue has been published to the wiki, openstack-dev, and
openstack mailing lists:
http://git.openstack.org/cgit/openstack/openstack-security-
notes/commit/?id=5380798f052eaebc023271c90d65b8f6d6fa6331
https://wiki.openstack.org/w/index.php?title=OSSN/OSSN-0009&action=edit&redlink=1
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1268751
Title:
Potential token revocation abuse via group membership
Status in
So it looks like this is not really fisable in stable branches... it
should rather be documented as a known issue when you set up specific
policies, so that you know what to expect if you do enable them this
way. That would make it OSSN territory.
The whole situation will be avoided in the future
** Also affects: keystone/grizzly
Importance: Undecided
Status: New
** Also affects: keystone/havana
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.laun
5 matches
Mail list logo