Comment 3 for bug 1291157

The IdP ID was included in federated tokens specifically to support IdP IDs appearing in revocation events (and being able to match the two together in keystonemiddleware.auth_token). I don't see a need for an alternative solution (with or without regard to UUID vs PKI).