[openstack-dev] [keystone] Two BPs for managing the tokens
Joe Gordon
joe.gordon0 at gmail.com
Fri Aug 23 16:43:27 UTC 2013
On Aug 23, 2013 12:24 PM, "Dolph Mathews" <dolph.mathews at gmail.com> wrote:
>
>
> On Fri, Aug 23, 2013 at 10:51 AM, Miller, Mark M (EB SW Cloud - R&D -
Corvallis) <mark.m.miller at hp.com> wrote:
>>
>> Hello,
>>
>>
>>
>> I would think you would want to reuse the same token but update the
expiration time as if it were the first time the token had been generated.
>
>
> That wouldn't work for PKI tokens, as the resulting signature would have
to change.
>
>>
>>
>>
>> Mark
>>
>>
>>
>> From: Yongsheng Gong [mailto:gongysh at unitedstack.com]
>> Sent: Friday, August 23, 2013 12:40 AM
>> To: OpenStack Development Mailing List
>> Subject: [openstack-dev] [keystone] Two BPs for managing the tokens
>>
>>
>>
>> Hi,
>>
>> Talked with Henry Nash and Jamie Lennox on IRC, I have created two BPs
to manage the keystone tokens:
>>
>> 1.
https://blueprints.launchpad.net/keystone/+spec/periodically-flush-expired-token
>>
>> which is used to delete expired token
>>
>> 2. https://blueprints.launchpad.net/keystone/+spec/reuse-token
>>
>> which will re-use valid token
>>
>>
>>
>> These two BPs will help us to reduce the token records in token table
enormously.
>>
>>
>>
>> I have put some ideas on the BP description.
>>
>>
>>
>> Any comments are welcome.
>>
What about Adam Young's vision for keystone, which I like,
http://adam.younglogic.com/2013/07/a-vision-for-keystone/
These two blueprints don't appear to be in line with it.
Also, instead of making keystone reuse tokens why not make the token reuse
in the clients better (keyring based). Last I checked it was disabled and
broken in nova (there was a patch to fix it, but keep it disabled)
>>
>>
>>
>>
>> Regards,
>>
>> Yong Sheng Gong
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
>
> --
>
> -Dolph
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130823/0835fac9/attachment.html>
More information about the OpenStack-dev
mailing list