Comment 10 for bug 1595084

AFAIK, now in keystone we have some supports for expired tokens as "allow expired token" or "service token" but these features are only supported from current versions of keystone (from octaka). But in some cases, we need to support the older releases that do not support expired token. Therefore IMHO, using trust as heat does is a good way to go.

@Shardy: If you have time, i would like to have a discussion with you about it meanwhile i am trying to implement this idea to mistral.