Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1196013 - [RFE][keystone]: Keystone Fernet (Lightweight) Tokens
[RFE][keystone]: Keystone Fernet (Lightweight) Tokens
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone (Show other bugs)
unspecified
Unspecified Unspecified
low Severity medium
: Upstream M3
: 7.0 (Kilo)
Assigned To: Nathan Kinder
yeylon@redhat.com
https://blueprints.launchpad.net/keys...
upstream_milestone_kilo-3 upstream_de...
: FutureFeature, OtherQA
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-25 00:04 EST by RHOS Integration
Modified: 2016-04-26 18:28 EDT (History)
6 users (show)

See Also:
Fixed In Version: openstack-keystone-2015.1.0-1.el7ost
Doc Type: Enhancement
Doc Text:
The Identity service now has an experimental support for a new token format called 'fernet'. The token formats currently supported by the Identity service require issued tokens to be persisted in a database table. This table can grow quite large, which requires proper tuning and a flush job to keep the Identity service performing well. The new 'fernet' token format is designed to allow the token database table to be eliminated, avoiding the problem of this table becoming a scalability limitation. The 'fernet' token format is now available as an experimental feature.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-05 09:22:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:1548 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2015-08-05 13:07:06 EDT

  None (edit)
Description RHOS Integration 2015-02-25 00:04:48 EST 
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/klw-tokens.

Description:

KLWT tokens provide a way to represent a token, allowing for tokens to be non-persistent. KLWT tokens provide integrity and confidentiality, when optionally using encryption, by being signed by Keystone. KLWT tokens contain some amount of token information, including the user, the issued at time, the expiration time, and the digest of the signed information. Regardless if encryption is used, the tokens are authentic since they are signed and validated by Keystone.

Specification URL (additional information):

https://github.com/openstack/keystone-specs/blob/master/specs/kilo/klwt.rst
Comment 3 Arthur Berezin 2015-03-22 08:58:10 EDT 
This functionality is marked upstream as "Experimental",Marking as Technology Preview for OSP7.
Comment 10 errata-xmlrpc 2015-08-05 09:22:00 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1548
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.