openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #15383
Re: Keystone: 'PKI Signed Tokens' lack support for revocation
This was a concern for HP as well. This is one of the reasons we were happy
to see that signed tokens are currently a deployment option. So, you can
continue to use the unsigned model until such a time that revocation can be
put into place for the token signing model.
Jason
From: openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx
[mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx] On
Behalf Of Maru Newby
Sent: Wednesday, August 01, 2012 7:20 PM
To: <openstack@xxxxxxxxxxxxxxxxxxx> (openstack@xxxxxxxxxxxxxxxxxxx)
Subject: [Openstack] Keystone: 'PKI Signed Tokens' lack support for
revocation
I see that support for PKI Signed Tokens has been added to Keystone without
support for token revocation. I tried to raise this issue on the bug
report:
https://bugs.launchpad.net/keystone/+bug/1003962/comments/4
And the review:
https://review.openstack.org/#/c/7754/
I'm curious as to whether anybody shares my concern and if there is a
specific reason why nobody responded to my question as to why revocation is
not required for this new token scheme. Anybody?
Thanks,
Maru
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
References