There's still appears to be considerable demand for UUID tokens, considering their simplicity relative to PKI tokens (no additional setup required, convenient length for copy/pasting around). There are also trade-offs when deciding between UUID and PKI tokens (e.g. network chatter vs CPU time, revocation behavior, etc).
I don't think we can consider UUID tokens deprecated yet, although I would certainly encourage everyone using them to take a hard look at PKI. I suspect that most of the deployers that tried PKI but stuck with UUID tokens did so because they ran into configuration / debugging issues with PKI tokens, and keeping UUID was the easiest solution. Hopefully we've resolved a lot of those bugs, so I'd be interested in hearing any continued reasoning for not making the switch. On Thu, Jul 18, 2013 at 6:53 AM, Sean Dague <[email protected]> wrote: > Because it came up in this devstack review - > https://review.openstack.org/#**/c/37151/<https://review.openstack.org/#/c/37151/>I'm > curious what the long term fate of UUID token is in keystone. It's no > longer the default, but is it expected to continue to be supported for the > forseable future? > > If it's being deprecated in keystone, now would be a good time to ween > folks off it by not having it in devstack. If not, we should allow the > option back into devstack. > > -Sean > > -- > Sean Dague > http://dague.net > > ______________________________**_________________ > OpenStack-dev mailing list > [email protected].**org <[email protected]> > http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev<http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev> > -- -Dolph
_______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
