Bug 1041882

Summary: [RFE][keystone]: Ephemeral PKI tokens
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEs Assignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: unspecified CC: markmc, yeylon
Target Milestone: --- Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/keystone/+spec/no-tokens-in-db
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_superseded
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:16:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 19:52:26 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/no-tokens-in-db.

Description:

Move toward a configuration where:
1.  Tokens only live for a short period of time based on the acceptable delay for propagating revocation events.
2.  Remove tokens from the backend store.

Tokens will not live for the duration of the entire workflow.  Instead, services in the workflow will fetch tokens via delegation agreements.  This will require a significant effort into implementing proper delegation  policies and using trusts/oauth.  

Specification URL (additional information):

None