Greetings!! Does anyone know why keystone design supports the creation of a fresh token for each time a user logs-in/requests a token Even if in the system there are un-expired tokens for the said user? Design justification? Apart from buggy code creating an explosion of tokens, this is a route for denial of service. Related bugs .. https://bugs.launchpad.net/keystone/+bug/1168399 https://bugs.launchpad.net/keystone/+bug/1178063 Regards Malini