Translations:ReleaseNotes/Kilo/67/en
- The "assignment" backend has been split into a "resource" backend (containing domains, projects, and roles) and an "assignment" backend, containing the authorization mapping model.
- Added support for trust redelegation. If allowed when the trust is initially created, a trustee can redelegate the roles from the trust via another trust.
- Added support for explicitly requesting an unscoped token from Keystone, even if the user has a
default_project_id
attribute set. - Deployers may now opt into disallowing the re-scoping of scoped tokens by setting
[token] allow_rescope_scoped_token = false
inkeystone.conf
.