[openstack-dev] Concerns about the ballooning size of keystone tokens

Dolph Mathews dolph.mathews at gmail.com
Wed May 21 20:09:27 UTC 2014 

On Wed, May 21, 2014 at 2:36 PM, Kurt Griffiths <
kurt.griffiths at rackspace.com> wrote:

>  Good to know, thanks for clarifying. One thing I’m still fuzzy on,
> however, is why we want to deprecate use of UUID tokens in the first place?
> I’m just trying to understand the history here...
>

I don't think anyone has seriously discussed deprecating UUID tokens, only
that the number of benefits UUID has over PKI is rapidly diminishing as our
PKI implementation improves.


>
>   From: Morgan Fainberg <morgan.fainberg at gmail.com>
> Reply-To: OpenStack Dev <openstack-dev at lists.openstack.org>
> Date: Wednesday, May 21, 2014 at 1:23 PM
> To: OpenStack Dev <openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] Concerns about the ballooning size of
> keystone tokens
>
>  This is part of what I was referencing in regards to lightening the data
> stored in the token. Ideally, we would like to see an "ID only" token that
> only contains the basic information to act. Some initial tests show these
> tokens should be able to clock in under 1k in size. However all the details
> are not fully defined yet. Coupled with this data reduction there will be
> explicit definitions of the data that is meant to go into the tokens. Some
> of the data we have now is a result of convenience of accessing the data.
>
>  I hope to have this token change available during Juno development
> cycle.
>
>  There is a lot of work to be done to ensure this type of change goes
> smoothly. But this is absolutely on the list of things we would like to
> address.
>
>  Cheers,
> Morgan
>
>  Sent via mobile
>
> On Wednesday, May 21, 2014, Kurt Griffiths <kurt.griffiths at rackspace.com>
> wrote:
>
>> > adding another ~10kB to each request, just to save a once-a-day call to
>> >Keystone (ie uuid tokens) seems to be a really high price to pay for not
>> >much benefit.
>>
>> I have the same concern with respect to Marconi. I feel like KPI tokens
>> are fine for control plane APIs, but don’t work so well for high-volume
>> data APIs where every KB counts.
>>
>> Just my $0.02...
>>
>> --Kurt
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140521/58e8c30c/attachment.html>

More information about the OpenStack-dev mailing list