The IdP ID was included in federated tokens specifically to support IdP IDs appearing in revocation events (and being able to match the two together in keystonemiddleware.auth_token). I don't see a need for an alternative solution (with or without regard to UUID vs PKI).