[openstack-dev] [keystone] long term fate of UUID token?
dolph.mathews at gmail.com
Thu Jul 18 12:09:10 UTC 2013
There's still appears to be considerable demand for UUID tokens,
considering their simplicity relative to PKI tokens (no additional setup
required, convenient length for copy/pasting around). There are also
trade-offs when deciding between UUID and PKI tokens (e.g. network chatter
vs CPU time, revocation behavior, etc).
I don't think we can consider UUID tokens deprecated yet, although I would
certainly encourage everyone using them to take a hard look at PKI. I
suspect that most of the deployers that tried PKI but stuck with UUID
tokens did so because they ran into configuration / debugging issues with
PKI tokens, and keeping UUID was the easiest solution. Hopefully we've
resolved a lot of those bugs, so I'd be interested in hearing any continued
reasoning for not making the switch.
On Thu, Jul 18, 2013 at 6:53 AM, Sean Dague <sean at dague.net> wrote:
> Because it came up in this devstack review -
> https://review.openstack.org/#**/c/37151/<https://review.openstack.org/#/c/37151/>I'm curious what the long term fate of UUID token is in keystone. It's no
> longer the default, but is it expected to continue to be supported for the
> forseable future?
> If it's being deprecated in keystone, now would be a good time to ween
> folks off it by not having it in devstack. If not, we should allow the
> option back into devstack.
> Sean Dague
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.**org <OpenStack-dev at lists.openstack.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev