openstack team mailing list archive

Thread
Date

Keystone: 'PKI Signed Tokens' lack support for revocation

To: "<openstack@xxxxxxxxxxxxxxxxxxx> (openstack@xxxxxxxxxxxxxxxxxxx)" <openstack@xxxxxxxxxxxxxxxxxxx>
From: Maru Newby <mnewby@xxxxxxxxxxxx>
Date: Wed, 1 Aug 2012 21:19:56 -0400

I see that support for PKI Signed Tokens has been added to Keystone without support for token revocation.  I tried to raise this issue on the bug report:

https://bugs.launchpad.net/keystone/+bug/1003962/comments/4

And the review:

https://review.openstack.org/#/c/7754/

I'm curious as to whether anybody shares my concern and if there is a specific reason why nobody responded to my question as to why revocation is not required for this new token scheme.   Anybody?

Thanks,


Maru

Follow ups

Re: Keystone: 'PKI Signed Tokens' lack support for revocation
From: Adam Young, 2012-08-07
Re: Keystone: 'PKI Signed Tokens' lack support for revocation
From: Rouault, Jason (Cloud Services), 2012-08-02
Re: Keystone: 'PKI Signed Tokens' lack support for revocation
From: Adam Young, 2012-08-02