Re: [openstack-dev] 2 Minute tokens

2014-10-14 Thread Adam Young
On 10/13/2014 06:21 PM, Preston L. Bannister wrote: Too-short token expiration times are one of my concerns, in my current exercise. Working on a replacement for Nova backup. Basically creating backup jobs, writing the jobs into a queue, with a background worker that reads jobs from the queu

Re: [openstack-dev] 2 Minute tokens

2014-10-13 Thread Preston L. Bannister
Too-short token expiration times are one of my concerns, in my current exercise. Working on a replacement for Nova backup. Basically creating backup jobs, writing the jobs into a queue, with a background worker that reads jobs from the queue. Tokens could expire while the jobs are in the queue (n

Re: [openstack-dev] 2 Minute tokens

2014-10-01 Thread Adam Young
On 10/01/2014 04:14 AM, Steven Hardy wrote: On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What is keeping us from dropping the (scoped) token duration to 5 minutes? If we could keep their lifetime as short as network skew lets us, we would be able to: Get rid of revocation check

Re: [openstack-dev] 2 Minute tokens

2014-10-01 Thread Steven Hardy
On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: > What is keeping us from dropping the (scoped) token duration to 5 minutes? > > > If we could keep their lifetime as short as network skew lets us, we would > be able to: > > Get rid of revocation checking. > Get rid of persisted token

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Chmouel Boudjnah
On Wed, Oct 1, 2014 at 3:47 AM, Adam Young wrote: > 1. Identify the roles for the APIs that Cinder is going to be calling on > swift based on Swift's policy.json FYI: there is no Swift's policy.json in mainline code, there is one external middleware available that provides it here https://github

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Adam Young
> This is comparable to the HEAT use case that Keystone Trusts were originally designed to solve. > > If the glance client knows the roles required to perform those operations, it could create the trust up front, with the Glance Service user as the trustee; the trustee executes the trust when

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Duncan Thomas
On Oct 1, 2014 12:37 AM, "Adam Young" wrote: > > On 09/30/2014 12:21 PM, Sean Dague wrote: >> >> On 09/30/2014 11:58 AM, Jay Pipes wrote: >>> >>> On 09/30/2014 11:37 AM, Adam Young wrote: On 09/30/2014 11:06 AM, Louis Taylor wrote: > > On Tue, Sep 30, 2014 at 10:44:51AM -0400, Ad

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Andrew Laski
On 09/30/2014 05:33 PM, Adam Young wrote: On 09/30/2014 12:21 PM, Sean Dague wrote: On 09/30/2014 11:58 AM, Jay Pipes wrote: On 09/30/2014 11:37 AM, Adam Young wrote: On 09/30/2014 11:06 AM, Louis Taylor wrote: On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What are the uses th

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Adam Young
On 09/30/2014 12:21 PM, Sean Dague wrote: On 09/30/2014 11:58 AM, Jay Pipes wrote: On 09/30/2014 11:37 AM, Adam Young wrote: On 09/30/2014 11:06 AM, Louis Taylor wrote: On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What are the uses that require long lived tokens? Glance has op

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Matthew Treinish
On Tue, Sep 30, 2014 at 04:23:37PM -0400, Adam Young wrote: > On 09/30/2014 12:21 PM, Sean Dague wrote: > >On 09/30/2014 11:58 AM, Jay Pipes wrote: > >>On 09/30/2014 11:37 AM, Adam Young wrote: > >>>On 09/30/2014 11:06 AM, Louis Taylor wrote: > On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam You

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Adam Young
On 09/30/2014 12:21 PM, Sean Dague wrote: On 09/30/2014 11:58 AM, Jay Pipes wrote: On 09/30/2014 11:37 AM, Adam Young wrote: On 09/30/2014 11:06 AM, Louis Taylor wrote: On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What are the uses that require long lived tokens? Glance has op

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Sean Dague
On 09/30/2014 11:58 AM, Jay Pipes wrote: > On 09/30/2014 11:37 AM, Adam Young wrote: >> On 09/30/2014 11:06 AM, Louis Taylor wrote: >>> On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What are the uses that require long lived tokens? >>> Glance has operations which can take a long

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Jay Pipes
On 09/30/2014 11:37 AM, Adam Young wrote: On 09/30/2014 11:06 AM, Louis Taylor wrote: On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What are the uses that require long lived tokens? Glance has operations which can take a long time, such as uploading and downloading large images.

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Adam Young
On 09/30/2014 11:06 AM, Louis Taylor wrote: On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: What are the uses that require long lived tokens? Glance has operations which can take a long time, such as uploading and downloading large images. Yes, but the token is only authenticated at

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Jay Pipes
On 09/30/2014 10:44 AM, Adam Young wrote: What is keeping us from dropping the (scoped) token duration to 5 minutes? If we could keep their lifetime as short as network skew lets us, we would be able to: Get rid of revocation checking. Get rid of persisted tokens. OK, so that assumes we can mo

Re: [openstack-dev] 2 Minute tokens

2014-09-30 Thread Louis Taylor
On Tue, Sep 30, 2014 at 10:44:51AM -0400, Adam Young wrote: > What are the uses that require long lived tokens? Glance has operations which can take a long time, such as uploading and downloading large images.

[openstack-dev] 2 Minute tokens

2014-09-30 Thread Adam Young
What is keeping us from dropping the (scoped) token duration to 5 minutes? If we could keep their lifetime as short as network skew lets us, we would be able to: Get rid of revocation checking. Get rid of persisted tokens. OK, so that assumes we can move back to PKI tokens, but we're workin