Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-16 Thread Samuel Merritt
On 2/16/15 11:48 AM, Lance Bragstad wrote: On Mon, Feb 16, 2015 at 1:21 PM, Samuel Merritt <s...@swiftstack.com> wrote: On 2/14/15 9:49 PM, Adam Young wrote: On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-16 Thread Lance Bragstad
On Mon, Feb 16, 2015 at 1:21 PM, Samuel Merritt wrote:
> On 2/14/15 9:49 PM, Adam Young wrote:
>
>> On 02/13/2015 04:19 PM, Morgan Fainberg wrote:
>>
>>> On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote:
>>> Hello all,

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-16 Thread Adam Young
On 02/16/2015 02:21 PM, Samuel Merritt wrote: On 2/14/15 9:49 PM, Adam Young wrote: On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote: Hello all, I'm proposing the Authenticated Encrypti

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-16 Thread Samuel Merritt
On 2/14/15 9:49 PM, Adam Young wrote: On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote: Hello all, I'm proposing the Authenticated Encryption (AE) Token specification [1] as an SPFE. AE

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-16 Thread Marek Denis
+1 from me. On 13.02.2015 22:19, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote: Hello all, I'm proposing the Authenticated Encryption (AE) Token specification [1] as an SPFE. AE tokens increase scalability

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-15 Thread Lance Bragstad
fwiw, the latest patch set has logic built in that determines the purpose of the key repository. If you want your deployment to sign tokens you can point Keystone to a key repository for that purpose. Likewise, tokens will only be encrypted if you tell Keystone to use a key repository for encryptin

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-14 Thread Morgan Fainberg
On February 14, 2015 at 9:53:14 PM, Adam Young (ayo...@redhat.com) wrote: On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote: Hello all,  I'm proposing the Authenticated Encryption (AE) Token specification [1] as an SPFE

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-14 Thread Adam Young
On 02/13/2015 04:19 PM, Morgan Fainberg wrote: On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote: Hello all, I'm proposing the Authenticated Encryption (AE) Token specification [1] as an SPFE. AE tokens increase scalability of Keysto

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-14 Thread Henry Nash
organ Fainberg > <mailto:morgan.fainb...@gmail.com>> > > To: Lance Bragstad mailto:lbrags...@gmail.com>>, > > "OpenStack Development > > Mailing List (not for usage questions)" > <mailto:openstack-dev@lists.openstack.org>> > > Da

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Lin Hua Cheng
ts.openstack.org> > > Date: 02/13/2015 04:24 PM > > Subject: Re: [openstack-dev] [keystone] SPFE: Authenticated > > Encryption (AE) Tokens > > > > On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com > > ) wrote: > > > Hello all, >

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Steve Martinelli
; Date: 02/13/2015 04:24 PM > Subject: Re: [openstack-dev] [keystone] SPFE: Authenticated > Encryption (AE) Tokens > > On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com > ) wrote: > Hello all, > > I'm proposing the Authenticated Encryption (AE) To

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Morgan Fainberg
To clarify, I meant I support this exception if the new provider supports all of our current use-cases. I was not stating this exception was approved without time for feedback from the community. -- Morgan Fainberg On February 13, 2015 at 1:19:17 PM, Morgan Fainberg (morgan.fainb...@gmail.com)

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Dolph Mathews
son [mailto:b...@acm.org] > *Sent:* Friday, February 13, 2015 12:59 PM > *To:* OpenStack Development Mailing List (not for usage questions) > *Subject:* Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption > (AE) Tokens > > > > > > We get a lot of complaints about pro

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Morgan Fainberg
On February 13, 2015 at 11:51:10 AM, Lance Bragstad (lbrags...@gmail.com) wrote: Hello all, I'm proposing the Authenticated Encryption (AE) Token specification [1] as an SPFE. AE tokens increase scalability of Keystone by removing token persistence. This provider has been discussed prior to,

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Yee, Guang
Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens We get a lot of complaints about problems caused by persistent tokens, so this would be great to see in K. Given the amount of work required to get it done, which

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Brad Topol
I am a vote of Yes for the Authenticated Encryption (AE) Token specification receiving a Spec Freeze exception. This approach has tremendous potential to significantly improve Keystone and POC code already exists. I feel there is enough runway that it is worth trying to move forward with this

Re: [openstack-dev] [keystone] SPFE: Authenticated Encryption (AE) Tokens

2015-02-13 Thread Brant Knudson
We get a lot of complaints about problems caused by persistent tokens, so this would be great to see in K. Given the amount of work required to get it done, which includes taking care of some other issues, like getting revocation events working and refactoring the token code (things which could hav