PKI Tokens are Deprecated

** Changed in: keystone
       Status: Confirmed => Won't Fix

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1205153

Title:
  Unable to have multiple signing certs for PKI tokens

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  Right now Keystone assumes a single signing certificate. In order to support multiple, we need to be able to identify which certificate to use in order to verify the token. Although the CMS-based tokens have a Serial number embedded, to parse this information out would take an additional call to Popen the openssl binary. Instead, we should put a certificate identifier into the token itself that can be parsed out via simple string parsing.

  An example would be CMS:41123:MII...

  CMS is just to identify token format. 41123 is the identifier. MII is the signed token as currently produced.
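
The prefixed format proposed in the bug description, as an added example that is not part of the bug report or Keystone's code: it splits `CMS:<id>:<signed token>` with plain string parsing, falls back to a default certificate for unprefixed tokens, and uses the identifier only to select from an already-trusted keyring. The keyring contents, placeholder paths, `DEFAULT_CERT_ID` and the function names are assumptions.

```python
import re

FORMAT_TAG = "CMS"                      # format marker from the bug description
_CERT_ID = re.compile(r"[0-9]{1,10}")   # assumed: short ASCII-decimal identifier

# Constructed keyring: identifier -> trusted signing cert (placeholder paths).
KEYRING = {
    "40001": "placeholder/signing-40001.pem",
    "41123": "placeholder/signing-41123.pem",
}
DEFAULT_CERT_ID = "40001"               # assumed cert for unprefixed tokens


class TokenFormatError(ValueError):
    pass


def split_token(token):
    """Return (cert_id, signed_blob); cert_id is None for an unprefixed token."""
    if not token.startswith(FORMAT_TAG + ":"):
        return None, token              # token as currently produced: "MII..."
    parts = token.split(":", 2)         # base64 never contains ":", so no ambiguity
    if len(parts) != 3 or not parts[2]:
        raise TokenFormatError("expected CMS:<id>:<signed token>")
    _, cert_id, blob = parts
    if not _CERT_ID.fullmatch(cert_id):
        raise TokenFormatError("certificate identifier must be decimal digits")
    return cert_id, blob


def select_signing_cert(token, keyring=KEYRING, default_id=DEFAULT_CERT_ID):
    """Pick the cert to verify against; return (cert_path, signed_blob)."""
    cert_id, blob = split_token(token)
    if cert_id is None:
        cert_id = default_id
    # The identifier sits outside the signed blob, so it is unauthenticated:
    # it may only choose among certs we already trust, and the CMS signature
    # check against that cert is still what authenticates the token.
    if cert_id not in keyring:
        raise TokenFormatError("unknown signing certificate identifier")
    return keyring[cert_id], blob


if __name__ == "__main__":
    print(select_signing_cert("CMS:41123:MIIconstructed"))
```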