On Aug 23, 2013 12:24 PM, "Dolph Mathews" <dolph.math...@gmail.com> wrote: > > > On Fri, Aug 23, 2013 at 10:51 AM, Miller, Mark M (EB SW Cloud - R&D - Corvallis) <mark.m.mil...@hp.com> wrote: >> >> Hello, >> >> >> >> I would think you would want to reuse the same token but update the expiration time as if it were the first time the token had been generated. > > > That wouldn't work for PKI tokens, as the resulting signature would have to change. > >> >> >> >> Mark >> >> >> >> From: Yongsheng Gong [mailto:gong...@unitedstack.com] >> Sent: Friday, August 23, 2013 12:40 AM >> To: OpenStack Development Mailing List >> Subject: [openstack-dev] [keystone] Two BPs for managing the tokens >> >> >> >> Hi, >> >> Talked with Henry Nash and Jamie Lennox on IRC, I have created two BPs to manage the keystone tokens: >> >> 1. https://blueprints.launchpad.net/keystone/+spec/periodically-flush-expired-token >> >> which is used to delete expired token >> >> 2. https://blueprints.launchpad.net/keystone/+spec/reuse-token >> >> which will re-use valid token >> >> >> >> These two BPs will help us to reduce the token records in token table enormously. >> >> >> >> I have put some ideas on the BP description. >> >> >> >> Any comments are welcome. >>
What about Adam Young's vision for keystone, which I like, http://adam.younglogic.com/2013/07/a-vision-for-keystone/ These two blueprints don't appear to be in line with it. Also, instead of making keystone reuse tokens why not make the token reuse in the clients better (keyring based). Last I checked it was disabled and broken in nova (there was a patch to fix it, but keep it disabled) >> >> >> >> >> Regards, >> >> Yong Sheng Gong >> >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > > -Dolph > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
