Thanks Adam, Thierry!

Dani
On Tue, Jan 27, 2015 at 1:43 PM, Adam Young <ayo...@redhat.com> wrote:

> Short term answers:
>
> The amount of infrastructure we would have to build to replicate CRON is
> not worth it.
>
> Figuring out a CRON strategy for nontrivial deployment is part of a larger
> data management scheme.
>
>
> Long term answers:
>
> Tokens should not be persisted. We have been working toward ephemeral
> tokens for a long time, but the vision of how to get there is not uniformly
> shared among the team. We spent a lot of time arguing about AE tokens,
> which looked promising, but do not support federation.
>
> Where we are headed is a split of the data in the token into an ephemeral
> portion and a persisted portion. The persisted portion would be reused,
> and would represent the delegation of authority. The ephemeral portion will
> represent the time aspects of the token: when issued, when expired, etc.
> The ephemeral portion would refer to the persisted portion.
>
> The revocation events code is necessary for PKI tokens, and might be
> required depending on how we do the ephemeral/persisted split. With AE
> tokens it would have been necessary, but with a unified delegation
> mechanism, it would be less so.
>
> If anyone feels the need for ephemeral tokens strongly enough to
> contribute, please let me know. We've put a lot of design into where we
> are today, and I would encourage you to learn the issues before jumping in
> to the solutions. I'm more than willing to guide any new development along
> these lines.
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev