Hi Adam, The blueprint as revised to address Joe's comments looks good to me - nice work. I especially like how the middleware is intended to cache the revocation list for a configurable amount of time - it mirrors how token caching already works. Cheers, Maru On 2012-08-07, at 10:09 AM, Adam Young wrote: > On 08/01/2012 09:19 PM, Maru Newby wrote: >> >> I see that support for PKI Signed Tokens has been added to Keystone without support for token revocation. I tried to raise this issue on the bug report: >> >> https://bugs.launchpad.net/keystone/+bug/1003962/comments/4 >> >> And the review: >> >> https://review.openstack.org/#/c/7754/ >> >> I'm curious as to whether anybody shares my concern and if there is a specific reason why nobody responded to my question as to why revocation is not required for this new token scheme. Anybody? > > I have written up a blueprint for PKI token revocation. Please provide feedback. > > > https://blueprints.launchpad.net/keystone/+spec/pki-revoke > >> >> Thanks, >> >> >> Maru >> >> >> >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~openstack >> Post to : openstack at lists.launchpad.net >> Unsubscribe : https://launchpad.net/~openstack >> More help : https://help.launchpad.net/ListHelp > > > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : openstack at lists.launchpad.net > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120809/c05f3131/attachment.html>