openstack team mailing list archive

Re: Keystone: 'PKI Signed Tokens' lack support for revocation

 

This was a concern for HP as well.  This is one of the reasons we were happy
to see that signed tokens are currently a deployment option.  So, you can
continue to use the unsigned model until such a time that revocation can be
put into place for the token signing model.

Jason

 

From: openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx
[mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx] On
Behalf Of Maru Newby
Sent: Wednesday, August 01, 2012 7:20 PM
To: <openstack@xxxxxxxxxxxxxxxxxxx> (openstack@xxxxxxxxxxxxxxxxxxx)
Subject: [Openstack] Keystone: 'PKI Signed Tokens' lack support for
revocation

 

I see that support for PKI Signed Tokens has been added to Keystone without
support for token revocation. I tried to raise this issue on the bug
report:

https://bugs.launchpad.net/keystone/+bug/1003962/comments/4

And the review:

https://review.openstack.org/#/c/7754/

I'm curious as to whether anybody shares my concern and if there is a
specific reason why nobody responded to my question as to why revocation is
not required for this new token scheme. Anybody?

Thanks,

Maru

 

 
