[Openstack] [keystone] Why are we returing such a big payload in validate token?
Adam Young
ayoung at redhat.com
Fri Feb 1 02:24:46 UTC 2013
On 01/31/2013 07:44 PM, Ali, Haneef wrote:
>
> Hi,
>
> As of now v3 validateToken response has "tokens, service catalog,
> users, project , roles and domains. (i.e) Except for groups we are
> returning everything. We also discussed about the possibility of 100s
> of endpoints. ValidateToken is supposed to be a high frequency call .
> This is
>
Validate token should not going be a high frequency call. The
information is encapsulated inside the signed token for just that reason.
I would agree with the sentiment, however, that we are cramming a lot of
info into the token. TOkens should be scoped much, much more finely: by
default one service or endpoint, and one tenant.
The only thing that should require the full service catalog is the
initial request of an unsigned token, and that should merely go back to
the client.
> going to be a huge performance impact . What is the use case for such
> a big payload when compared with v2?
>
> If a service needs catalog , then the service can always ask for the
> catalog.
>
> Thanks
>
> Haneef
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130131/5289460b/attachment.html>
More information about the Openstack
mailing list