Comment 18 for bug 1287301

Alexei Kornienko (alexei-kornienko) wrote :

d-w-chadwick, I'm sorry, but you are wrong in some of your assertions:

1. If you don't cache tokens you don't need revocation lists. You get a fresh token each time.
The cache is needed to speed up validation. For UUID tokens, validation requires an HTTP request to Keystone, and for PKI tokens it requires a subprocess call to openssl.
If you disable cache you are still able to use the same token until it's *expired*.

The rest of the assertions have to be updated to separate token expiration and validation cache.
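
The distinction drawn in the comment above, as an added example that is not part of the original comment or of the Keystone code base: a toy validator in which the validation cache and the token expiry are separate timers. All names and values are hypothetical, and `verify` models a PKI-style offline check that sees no revocations.

```python
class TokenValidator:
    """Toy service-side token check; all names here are hypothetical."""

    def __init__(self, verify_fn, clock, cache_ttl=0, revoked=None):
        self.verify_fn = verify_fn  # expensive step; returns the expiry time
        self.clock = clock
        self.cache_ttl = cache_ttl  # 0 disables the validation cache
        self.revoked = revoked      # None means no revocation list is consulted
        self.cache = {}             # token -> (expires_at, cached_until)
        self.verify_calls = 0

    def validate(self, token):
        now = self.clock()
        if self.revoked is not None and token in self.revoked:
            self.cache.pop(token, None)
            return False
        entry = self.cache.get(token)
        if entry is None or now >= entry[1]:
            self.verify_calls += 1
            try:
                expires_at = self.verify_fn(token)
            except KeyError:        # unknown token
                return False
            entry = (expires_at, now + self.cache_ttl)
            if self.cache_ttl:
                self.cache[token] = entry
        return now < entry[0]       # expiry is enforced on cache hits too


def demo():
    """Constructed scenario: issued at t=0, expires at t=3600, revoked before t=100."""
    now = [0]
    clock = lambda: now[0]
    issued = {"tok-A": 3600}          # constructed sample data
    verify = lambda tok: issued[tok]  # PKI-style offline check: sees no revocations
    revoked = set()
    no_cache = TokenValidator(verify, clock)
    cached = TokenValidator(verify, clock, cache_ttl=300)
    with_list = TokenValidator(verify, clock, cache_ttl=300, revoked=revoked)
    validators = (no_cache, cached, with_list)
    out = {"t0": [v.validate("tok-A") for v in validators]}
    revoked.add("tok-A")
    now[0] = 100
    out["t100"] = [v.validate("tok-A") for v in validators]
    now[0] = 3600
    out["t3600"] = [v.validate("tok-A") for v in validators]
    out["verify_calls"] = [v.verify_calls for v in validators]
    return out
```

In this model the validator without a cache still accepts the revoked token at t=100 and only rejects it at expiry; only the validator that consults a revocation list rejects it earlier.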