[openstack-dev] Concerns about the ballooning size of keystone tokens
Adam Young
ayoung at redhat.com
Wed May 21 20:52:55 UTC 2014
On 05/21/2014 02:00 PM, Kurt Griffiths wrote:
>> adding another ~10kB to each request, just to save a once-a-day call to
>> Keystone (ie uuid tokens) seems to be a really high price to pay for not
>> much benefit.
> I have the same concern with respect to Marconi. I feel like KPI tokens
> are fine for control plane APIs, but don’t work so well for high-volume
> data APIs where every KB counts.
For those you should use Symmetric MACs IAW Kite.
For low volume authentication you should use PKI
You don't save the data, it just gets transferred at a different point.
It is the service catalog that is what makes it variable in size, and we
have an option to turn off the Service catalog in a token.
>
> Just my $0.02...
>
> --Kurt
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list