Comment 17 for bug 1324592
Revision history for this message
| Adam Young (ayoung) wrote Re: Trust scope can be circumvented by chaining trusts | #17 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
Where would is_delegated_auth flag live? In the token itself? It means a more invasive patch, and larger tokens. If outside of the token, it means we need a common library location for it, and none really suits the scoped of this patch.
Deleting a trust from a trust is a logically acceptable activity: it would give you a way to clean up.
Listing trusts from a trust is acceptable. Listing trusts provideds no additional access. It is an activity that may make sense withing some workflows.
Even creating a trust from a trust is logically acceptable, but it requires a lot more checks than can be done in the scope of this patch.
I'll work up an icehouse and havana version of the patch.