1041882 – [RFE][keystone]: Ephemeral PKI tokens

Bug 1041882 - [RFE][keystone]: Ephemeral PKI tokens

Summary: [RFE][keystone]: Ephemeral PKI tokens

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	RFEs
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	RHOS Maint
QA Contact:
Docs Contact:
URL:	https://blueprints.launchpad.net/keys...
Whiteboard:	upstream_milestone_none upstream_stat...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-12 19:52 UTC by RHOS Integration
Modified:	2015-03-19 17:16 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-19 17:16:48 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description RHOS Integration 2013-12-12 19:52:26 UTC

Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/no-tokens-in-db.

Description:

Move toward a configuration where:
1.  Tokens only live for a short period of time based on the acceptable delay for propegating revocation events.
2.  Remove tokens from the backend store.

Tokens will not live for the duration of the entire workflow.  Instead, services in the workflow will fetch tokens via delegation agreements.  This will require a significant effort into implementing proper delegation  policies and using trusts/oauth.  

Specification URL (additional information):

None

Note You need to log in before you can comment on or make changes to this bug.