[openstack-dev] 2 Minute tokens
Adam Young
ayoung at redhat.com
Tue Sep 30 14:44:51 UTC 2014
What is keeping us from dropping the (scoped) token duration to 5 minutes?
If we could keep their lifetime as short as network skew lets us, we
would be able to:
Get rid of revocation checking.
Get rid of persisted tokens.
OK, so that assumes we can move back to PKI tokens, but we're working
on that.
What are the uses that require long lived tokens? Can they be replaced
with a better mechanism for long term delegation (OAuth or Keystone
trusts) as Heat has done?
More information about the OpenStack-dev
mailing list