Monday, June 8, 2015 07:10, Adam Young wrote: > 2. Delegation are long lived affairs. If anything is going to take > longer than the duration of the token, it should be in the context of a > delegation, and the user should re-authenticate to prove identity.
Requiring re-authenticating to perform many tasks that involves delegation (a distinction that users don't understand, or care to) is a sure way to convince users to use short and weak passwords. Please, no. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev