* The "assignment" backend has been split into a "resource" backend (containing domains, projects, and roles) and an "assignment" backend, containing the authorization mapping model. * Added support for trust redelegation. If allowed when the trust is initially created, a trustee can redelegate the roles from the trust via another trust. * Added support for explicitly requesting an unscoped token from Keystone, even if the user has a <code>default_project_id</code> attribute set. * Deployers may now opt into disallowing the re-scoping of scoped tokens by setting <code>[token] allow_rescope_scoped_token = false</code> in <code>keystone.conf</code>.
default_project_id
keystone.conf
[token] allow_rescope_scoped_token = false