Comment 4 for bug 1003962

ayoung: I strongly disagree that token revocation is an unnecessary complication. If a user account is found to be compromised, issued tokens for that account need to be rendered invalid as quickly as possible. If you don't agree, consider raising this issue on the mailing list. I would be very interested to hear whether any cloud services provider agrees with your assertion that they should not be concerned about the potential impact this could have on their reputation.