On Sat, Dec 21, 2013 at 4:07 PM, Jay Pipes <jaypipes at gmail.com> wrote: > On 12/21/2013 03:27 PM, Ryan Lane wrote: > >> On Thu, Dec 19, 2013 at 9:05 PM, 陈锐 <chenrui.momo at gmail.com >> <mailto:chenrui.momo at gmail.com>> wrote: >> >> I think you should use UUID token and backend should be sql or >> memcache >> >> >> If you want this to work across regions, redis or sql is likely what you >> want (with replication). sql with galera is likely the best option if >> you want to avoid a SPOF for writes. >> > > For the identity backend, yes :) But definitely not for the token backend! > > Really? Why shouldn't the tokens be shared between the regions? Wouldn't that mean you need to authenticate for each region to get unscoped tokens? - Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131221/7edfcd20/attachment.html>