I am more concerned about changing "time" to "timeout" at the moment. This could potentially cause security problems. Consider this ...
1. a valid token is cached with (timeout=0 as default), which means the token is cached for the duration at the discretion of memcached
2. token is revoked from Keystone
3. however, the token is still marked as valid in memcached for as long as it lives
Keystone auth_token don't use "min_compress_len". But I can't guarantee other (OpenStack or others) middleware won't. My point is we need a consistent memcache client interface (for OpenStack) so middleware don't need to know about its implementation.
I am more concerned about changing "time" to "timeout" at the moment. This could potentially cause security problems. Consider this ...
1. a valid token is cached with (timeout=0 as default), which means the token is cached for the duration at the discretion of memcached
2. token is revoked from Keystone
3. however, the token is still marked as valid in memcached for as long as it lives
Keystone auth_token don't use "min_compress_len". But I can't guarantee other (OpenStack or others) middleware won't. My point is we need a consistent memcache client interface (for OpenStack) so middleware don't need to know about its implementation.