d-w-chadwick I'm sorry but you are wrong in some of your assertions:
1. If you dont cache tokens you dont need revocation lists. You get a fresh token each time.
Cache is needed to speed up validation. For UUID tokens validation requires HTTP request to keystone and for PKI tokens it requires a subprocess call to openssl.
If you disable cache you are still able to use the same token until it's *expired*.
Rest of the assertions has to be updated to separate token exparation and validation cache.
d-w-chadwick I'm sorry but you are wrong in some of your assertions:
1. If you dont cache tokens you dont need revocation lists. You get a fresh token each time.
Cache is needed to speed up validation. For UUID tokens validation requires HTTP request to keystone and for PKI tokens it requires a subprocess call to openssl.
If you disable cache you are still able to use the same token until it's *expired*.
Rest of the assertions has to be updated to separate token exparation and validation cache.