Hi all, I'd like some of the original OpenStack Security Guide authors to triage this doc bug. https://bugs.launchpad.net/openstack-manuals/+bug/1253823 Is this a true concern? Please weigh in on the bug. This chapter says "The Identity service could alternatively be configured to provide UUID tokens which are significantly shorter but may be less secure depending on your specific deployment model." There's not meant to be any difference in security between using PKI versus UUID tokens. PKI tokens are supposed to save on network traffic and keystone server CPU (although I'm not sure that they do). Choosing PKI or UUID isn't a question of PKI is more secure. They're the same. ----------------------------------- Built: 2013-11-21T20:48:44 00:00 git SHA: 216e166bd12b79d533be12c139aaef740a2ff7f1 URL: http://docs.openstack.org/security-guide/content/ch024_authentication.html source File: file:/home/jenkins/workspace/openstack-security-guide/doc/security-guide/ch024_authentication.xml xml:id: ch024_authentication Anne Gentle Content Stacker my blog<http://justwriteclick.com/> | my book<http://xmlpress.net/publications/conversation-community/> | LinkedIn<http://www.linkedin.com/in/annegentle> | Delicious<http://del.icio.us/annegentle> | Twitter<http://twitter.com/annegentle> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131206/d5497c26/attachment.html>