[openstack-dev] [Keystone] Group changes must revoke tokens
ayoung at redhat.com
Wed Dec 19 14:25:58 UTC 2012
Since both of you are working on stuff invloving how Roles are assigned
to users, I want you to both be aware of an important issue. When a
users roles change, their tokens get invalidated. Since both the group
and mapping blueprints will affect Role assignments, both can have
significant effects on the number of users whose tokens get revoked.
Please update both of your blueprints to reflect this. We will need a
common mechanism for determining which tokens to revoke.
This must happen before anything that changes role assignments can be
More information about the OpenStack-dev