What is keeping us from dropping the (scoped) token duration to 5 minutes?

If we could keep their lifetime as short as network skew lets us, we would be able to:

Get rid of revocation checking.
Get rid of persisted tokens.

OK, so that assumes we can move back to PKI tokens, but we're working on that.

What are the uses that require long lived tokens? Can they be replaced with a better mechanism for long term delegation (OAuth or Keystone trusts) as Heat has done?

OpenStack-dev mailing list

Reply via email to