Comment 2 for bug 861854

Robin Norwood (robin-norwood-8) wrote :

The calls in question are described in the dev guide here:

http://docs.openstack.org/incubation/identity-dev-guide/content/Validate_Token-d1e1914.html

The use case here is to validate the token, so my suggestion is to replace the operation to validate a token from GET /tokens/<id> to POST /tokens/validate with a body that includes the token ID and tenant:

POST /tokens/validate
{
    "token": {
        "id": "asdasdasd-adsasdads-asdasdasd-adsadsasd",
        "tenantId": "1234"
    }
}

That way the id will be encrypted for clients using SSL and not show up in the log.
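
Access logs written while the call is still GET /tokens/<id> keep the token ID in the request line. The following is an added example, not part of the original comment or the project's code, that finds and redacts such entries; the Common Log Format layout, the optional path prefix, and the sample log lines are assumptions constructed for illustration.

```python
import hashlib
import re

# Legacy call from the comment: GET /tokens/<id>. The optional path prefix and
# the Common Log Format layout are assumptions of this example.
LEGACY_VALIDATE = re.compile(
    r'"GET (?P<prefix>(?:/[^/?\s"]+)*)/tokens/(?P<token>(?!sha256:)[^/?\s"]+)'
)

# Constructed sample access-log lines (not taken from a real deployment).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2000:10:00:00 +0000] '
    '"GET /tokens/asdasdasd-adsasdads-asdasdasd-adsadsasd HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2000:10:00:01 +0000] '
    '"POST /tokens/validate HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2000:10:00:02 +0000] "GET /tenants HTTP/1.1" 200 128',
]


def fingerprint(token):
    """Truncated SHA-256 tag so redacted entries can still be correlated."""
    return "sha256:" + hashlib.sha256(token.encode()).hexdigest()[:12]


def find_exposed_tokens(lines):
    """Return (line_number, token_id) for each entry with a token in the URL."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LEGACY_VALIDATE.search(line)
        if match:
            hits.append((number, match.group("token")))
    return hits


def redact(line):
    """Replace a token ID in the request line with its fingerprint."""
    def swap(match):
        tag = fingerprint(match.group("token"))
        return '"GET %s/tokens/%s' % (match.group("prefix"), tag)
    return LEGACY_VALIDATE.sub(swap, line)


if __name__ == "__main__":
    for number, token in find_exposed_tokens(SAMPLE_LOG):
        print("line %d exposes a token, tag %s" % (number, fingerprint(token)))
    for line in SAMPLE_LOG:
        print(redact(line))
```

The POST /tokens/validate entry passes through unchanged because the request line carries no token ID; only the legacy GET entry is rewritten.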