Comment 2 for bug 1100145

We determined the above assertion to be incorrect in code review; I'm proposing a corresponding spec change: https://review.openstack.org/#/c/20137/

Instead, disabling a domain will still result in relevant token revocation, and service-side authentication will need to check both the user's domain and the authorized project's domain for a disabled state prior to allowing auth.