This was a concern for HP as well. This is one of the reasons we were happy to see that signed tokens are currently a deployment option. So, you can continue to use the unsigned model until such a time that revocation can be put into place for the token signing model.
Jason From: openstack-bounces+jason.rouault=hp....@lists.launchpad.net [mailto:openstack-bounces+jason.rouault=hp....@lists.launchpad.net] On Behalf Of Maru Newby Sent: Wednesday, August 01, 2012 7:20 PM To: <openstack@lists.launchpad.net> (openstack@lists.launchpad.net) Subject: [Openstack] Keystone: 'PKI Signed Tokens' lack support for revocation I see that support for PKI Signed Tokens has been added to Keystone without support for token revocation. I tried to raise this issue on the bug report: https://bugs.launchpad.net/keystone/+bug/1003962/comments/4 And the review: https://review.openstack.org/#/c/7754/ I'm curious as to whether anybody shares my concern and if there is a specific reason why nobody responded to my question as to why revocation is not required for this new token scheme. Anybody? Thanks, Maru
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp