OpenStack Identity (keystone)

Reducing size of PKI token

Registered by Atsuko Ito on 2014-05-30

Repopulate service catalog in keystoneclient middleware
Remove service catalog from signed part , so it will be much smaller.

Alternative for https://blueprints.launchpad.net/keystone/+spec/compress-tokens

Read the full specification

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: Atsuko Ito

Direction:: Needs approval

Assignee:: Atsuko Ito

Definition:: Obsolete

Series goal:: None

Implementation:: Needs Code Review

Milestone target:: None

Started by: Atsuko Ito on 2014-05-30

Completed by: Atsuko Ito on 2015-06-30

Related branches

Related bugs

Sprints

Whiteboard

(morganfainberg): retargeting this to Keystone as keystoneclient doesn't do the work here.

So I've ready to do it
> In this same spirit, we've discussed removing all data from the token except for ID's. auth_token could then populate the standard authorization headers with easily cacheable GET requests from keystone.

Background: http://yottatsa.name/Papers/Compacting-PKI-Token-in-keystone.html

Gerrit topic: https://review.openstack.org/#q,topic:bp/compact-pki-token,n,z

Addressed by: https://review.openstack.org/96725
Keystone compact PKI token

Addressed by: https://review.openstack.org/97854
Keystone compact PKI token

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.