Merge branch 'feat/generator-form' of github.com:/SovereignCloudStack/standards into feat/generator-form
garloff committed Dec 18, 2023
2 parents 8409153 + 10e500c commit d01b2ad
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion Standards/scs-0302-v1-domain-manager-role.md
@@ -99,13 +99,15 @@ This means that by creating a new role and extending Keystone's API policy confi

The approach described in this standard imposes the following limitations:

1. as a result of the "`identity:list_domains`" rule (see below), Domain Managers are able to see all domains via "`openstack domain list`" and can inspect the metadata of other domains with "`openstack domain show`"
1. as a result of the "`identity:list_domains`" rule (see below), Domain Managers are able to see all domains[^5] via "`openstack domain list`" and can inspect the metadata of other domains with "`openstack domain show`"
2. as a result of the "`identity:list_roles`" rule (see below), Domain Managers are able to see all roles via "`openstack role list`" and can inspect the metadata of other roles with "`openstack role show`"

**As a result of points 1 and 2, metadata of all domains and roles will be exposed to all Domain Managers!**

If a CSP deems either of these points critical, they may abstain from granting the Domain Manager role to users, effectively disabling the functionality. See [Impact](#impact).

[^5]: see the [corresponding Launchpad bug at Keystone](https://bugs.launchpad.net/keystone/+bug/2041611)

## Decision

A role named "`domain-manager`" is to be created via the Keystone API and the policy adjustments quoted below are to be applied.
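Review bot: the footnote added to point 1 only says "see the corresponding Launchpad bug at Keystone" without stating what that bug tracks, so a reader of the rendered standard cannot tell from the text whether the exposure of all domains via `identity:list_domains` is a known upstream limitation that may eventually be fixed or an intended design; add a short clause to `[^5]` summarising what the bug covers and its status at the time of writing. Point 2 (`identity:list_roles`, `openstack role list`) describes the same class of exposure but gets no reference at all; if an upstream bug exists for the roles case, cite it in the same way, and if none exists, say so, otherwise the bold warning that follows reads as though only the domain half is tracked upstream. Minor: since this is a merge commit with two parents, check that the `[^5]` number does not collide with a footnote introduced on the other branch.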
