[openstack-dev] [keystone] long term fate of UUID token?

Dolph Mathews dolph.mathews at gmail.com
Thu Jul 18 12:09:10 UTC 2013


There's still appears to be considerable demand for UUID tokens,
considering their simplicity relative to PKI tokens (no additional setup
required, convenient length for copy/pasting around). There are also
trade-offs when deciding between UUID and PKI tokens (e.g. network chatter
vs CPU time, revocation behavior, etc).

I don't think we can consider UUID tokens deprecated yet, although I would
certainly encourage everyone using them to take a hard look at PKI. I
suspect that most of the deployers that tried PKI but stuck with UUID
tokens did so because they ran into configuration / debugging issues with
PKI tokens, and keeping UUID was the easiest solution. Hopefully we've
resolved a lot of those bugs, so I'd be interested in hearing any continued
reasoning for not making the switch.


On Thu, Jul 18, 2013 at 6:53 AM, Sean Dague <sean at dague.net> wrote:

> Because it came up in this devstack review -
> https://review.openstack.org/#**/c/37151/<https://review.openstack.org/#/c/37151/>I'm curious what the long term fate of UUID token is in keystone. It's no
> longer the default, but is it expected to continue to be supported for the
> forseable future?
>
> If it's being deprecated in keystone, now would be a good time to ween
> folks off it by not having it in devstack. If not, we should allow the
> option back into devstack.
>
>         -Sean
>
> --
> Sean Dague
> http://dague.net
>
> ______________________________**_________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.**org <OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>



-- 

-Dolph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130718/a4e649d7/attachment.html>


More information about the OpenStack-dev mailing list