[openstack-dev] [Keystone] Group changes must revoke tokens

Adam Young ayoung at redhat.com
Wed Dec 19 14:25:58 UTC 2012

Since both of you are working on stuff invloving how Roles are assigned 
to users, I want you to both be aware of an important issue.  When a 
users roles change, their tokens get invalidated. Since both the group 
and mapping blueprints will affect Role assignments, both can have 
significant effects on the number of users whose tokens get revoked.

Please update both of your blueprints to reflect this.    We will need a 
common mechanism for determining which tokens to revoke.

This must happen before anything that changes  role assignments can be 

More information about the OpenStack-dev mailing list