What is keeping us from dropping the (scoped) token duration to 5 minutes?
If we could keep their lifetime as short as network skew lets us, we
would be able to:
Get rid of revocation checking.
Get rid of persisted tokens.
OK, so that assumes we can move back to PKI tokens, but we're working
What are the uses that require long lived tokens? Can they be replaced
with a better mechanism for long term delegation (OAuth or Keystone
trusts) as Heat has done?
OpenStack-dev mailing list