)]}'
{"security-guide/source/identity/tokens.rst":[{"author":{"_account_id":20156,"name":"Petr Kovar","email":"pkovar@redhat.com","username":"pmkovar"},"change_message_id":"cedd6b8e9234b30c2ed10138c08c19cc6de9645d","unresolved":false,"context_lines":[{"line_number":50,"context_line":"and must be persisted in the back-end. They are stored in the Identity"},{"line_number":51,"context_line":"service back-end along with the metadata for authentication. Clients"},{"line_number":52,"context_line":"must pass their UUID token to the Identity service in order to validate it."},{"line_number":53,"context_line":"According to the release notes for Pike(see `release notes"},{"line_number":54,"context_line":"\u003chttps://docs.openstack.org/releasenotes/keystone/pike.html#deprecation-notes\u003e`_),"},{"line_number":55,"context_line":"UUID token provider is being deprecated in favor of Fernet tokens."},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"9f91af0f_7525d9aa","line":53,"range":{"start_line":53,"start_character":35,"end_line":53,"end_character":43},"updated":"2018-01-04 14:36:42.000000000","message":"Missing a space:\n\ns/Pike(see/Pike (see/","commit_id":"7d4c900291fb977d005906efe6eb2cfac5a57841"},{"author":{"_account_id":7264,"name":"Summer Long","email":"slong@redhat.com","username":"slong"},"change_message_id":"83051f47f1dd6741ae105c61ccbf10adb7c008ab","unresolved":false,"context_lines":[{"line_number":42,"context_line":"them from their cache and append the same to their list of cached"},{"line_number":43,"context_line":"revoked tokens."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"There are four supported token types: UUID, PKI, PKIZ and fernet."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"UUID tokens"},{"line_number":48,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_2e9cb268","line":45,"range":{"start_line":45,"start_character":0,"end_line":45,"end_character":65},"updated":"2018-01-07 22:49:44.000000000","message":"If writing for different versions (eg both pike and ocata), this needs to be reworded to reflect that.","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":21797,"name":"Jeremy Liu","display_name":"Jeremy Liu","email":"liujiong.cc@gmail.com","username":"liujiong"},"change_message_id":"c36d7385e04a214cc162276896dc82cea7209b32","unresolved":false,"context_lines":[{"line_number":42,"context_line":"them from their cache and append the same to their list of cached"},{"line_number":43,"context_line":"revoked tokens."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"There are four supported token types: UUID, PKI, PKIZ and fernet."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"UUID tokens"},{"line_number":48,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_9d3dee2c","line":45,"range":{"start_line":45,"start_character":0,"end_line":45,"end_character":65},"in_reply_to":"9f91af0f_2e9cb268","updated":"2018-01-08 08:08:51.000000000","message":"Yes, good point!","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":7264,"name":"Summer Long","email":"slong@redhat.com","username":"slong"},"change_message_id":"83051f47f1dd6741ae105c61ccbf10adb7c008ab","unresolved":false,"context_lines":[{"line_number":42,"context_line":"them from their cache and append the same to their list of cached"},{"line_number":43,"context_line":"revoked tokens."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"There are four supported token types: UUID, PKI, PKIZ and fernet."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"UUID tokens"},{"line_number":48,"context_line":"~~~~~~~~~~~"},{"line_number":49,"context_line":"UUID tokens are persistent tokens. UUID tokens are 32 bytes in length"},{"line_number":50,"context_line":"and must be persisted in the back-end. They are stored in the Identity"},{"line_number":51,"context_line":"service back-end along with the metadata for authentication. Clients"},{"line_number":52,"context_line":"must pass their UUID token to the Identity service in order to validate it."},{"line_number":53,"context_line":"According to the release notes for Pike (see `release notes"},{"line_number":54,"context_line":"\u003chttps://docs.openstack.org/releasenotes/keystone/pike.html#deprecation-notes\u003e`_),"},{"line_number":55,"context_line":"UUID token provider is being deprecated in favor of Fernet tokens."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"PKI and PKIZ tokens"},{"line_number":58,"context_line":"~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_8e937e5b","line":55,"range":{"start_line":45,"start_character":0,"end_line":55,"end_character":66},"updated":"2018-01-07 22:49:44.000000000","message":"Needs to have the same \u0027deprecated and not supported in Pike\u0027 note, like PKI and PKIZ tokens; remove the last sentence.","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":21797,"name":"Jeremy Liu","display_name":"Jeremy Liu","email":"liujiong.cc@gmail.com","username":"liujiong"},"change_message_id":"c36d7385e04a214cc162276896dc82cea7209b32","unresolved":false,"context_lines":[{"line_number":42,"context_line":"them from their cache and append the same to their list of cached"},{"line_number":43,"context_line":"revoked tokens."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"There are four supported token types: UUID, PKI, PKIZ and fernet."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"UUID tokens"},{"line_number":48,"context_line":"~~~~~~~~~~~"},{"line_number":49,"context_line":"UUID tokens are persistent tokens. UUID tokens are 32 bytes in length"},{"line_number":50,"context_line":"and must be persisted in the back-end. They are stored in the Identity"},{"line_number":51,"context_line":"service back-end along with the metadata for authentication. Clients"},{"line_number":52,"context_line":"must pass their UUID token to the Identity service in order to validate it."},{"line_number":53,"context_line":"According to the release notes for Pike (see `release notes"},{"line_number":54,"context_line":"\u003chttps://docs.openstack.org/releasenotes/keystone/pike.html#deprecation-notes\u003e`_),"},{"line_number":55,"context_line":"UUID token provider is being deprecated in favor of Fernet tokens."},{"line_number":56,"context_line":""},{"line_number":57,"context_line":"PKI and PKIZ tokens"},{"line_number":58,"context_line":"~~~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_fd151a9d","line":55,"range":{"start_line":45,"start_character":0,"end_line":55,"end_character":66},"in_reply_to":"9f91af0f_8e937e5b","updated":"2018-01-08 08:08:51.000000000","message":"It\u0027s being deprecated but not removed yet.","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":7264,"name":"Summer Long","email":"slong@redhat.com","username":"slong"},"change_message_id":"83051f47f1dd6741ae105c61ccbf10adb7c008ab","unresolved":false,"context_lines":[{"line_number":69,"context_line":""},{"line_number":70,"context_line":"Fernet tokens"},{"line_number":71,"context_line":"~~~~~~~~~~~~~"},{"line_number":72,"context_line":"Fernet tokens are currently the default token provider. Fernet is a"},{"line_number":73,"context_line":"secure messaging format explicitly designed for use in API tokens."},{"line_number":74,"context_line":"They are non-persistent (no need to be persisted to a database), lightweight"},{"line_number":75,"context_line":"(fall in range of 180 to 240 bytes) and reduce the operational overhead"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_4e99f676","line":72,"range":{"start_line":72,"start_character":0,"end_line":72,"end_character":55},"updated":"2018-01-07 22:49:44.000000000","message":"are currently the default provider. -\u003e are the supported token provider for Pike (default).","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":21797,"name":"Jeremy Liu","display_name":"Jeremy Liu","email":"liujiong.cc@gmail.com","username":"liujiong"},"change_message_id":"c36d7385e04a214cc162276896dc82cea7209b32","unresolved":false,"context_lines":[{"line_number":69,"context_line":""},{"line_number":70,"context_line":"Fernet tokens"},{"line_number":71,"context_line":"~~~~~~~~~~~~~"},{"line_number":72,"context_line":"Fernet tokens are currently the default token provider. Fernet is a"},{"line_number":73,"context_line":"secure messaging format explicitly designed for use in API tokens."},{"line_number":74,"context_line":"They are non-persistent (no need to be persisted to a database), lightweight"},{"line_number":75,"context_line":"(fall in range of 180 to 240 bytes) and reduce the operational overhead"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_7d290ae4","line":72,"range":{"start_line":72,"start_character":0,"end_line":72,"end_character":55},"in_reply_to":"9f91af0f_4e99f676","updated":"2018-01-08 08:08:51.000000000","message":"Done","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":7264,"name":"Summer Long","email":"slong@redhat.com","username":"slong"},"change_message_id":"790b28a9f99591d6396c355fc372aced26f4a8c9","unresolved":false,"context_lines":[{"line_number":74,"context_line":"They are non-persistent (no need to be persisted to a database), lightweight"},{"line_number":75,"context_line":"(fall in range of 180 to 240 bytes) and reduce the operational overhead"},{"line_number":76,"context_line":"required to run a cloud. Authentication and authorization metadata is neatly"},{"line_number":77,"context_line":"bundled into a message packed payload, which is then encrypted and signed in"},{"line_number":78,"context_line":"as a fernet token."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"Unlike UUID, PKI and PKIZ tokens, fernet tokens do not require persistence."}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_eeb9eacb","line":77,"range":{"start_line":77,"start_character":15,"end_line":77,"end_character":29},"updated":"2018-01-07 23:02:57.000000000","message":"Should this be a \u0027MessagePack payload\u0027? https://docs.openstack.org/keystone/pike/_modules/keystone/token/providers/fernet/token_formatters.html\nhttps://github.com/msgpack","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"},{"author":{"_account_id":21797,"name":"Jeremy Liu","display_name":"Jeremy Liu","email":"liujiong.cc@gmail.com","username":"liujiong"},"change_message_id":"c36d7385e04a214cc162276896dc82cea7209b32","unresolved":false,"context_lines":[{"line_number":74,"context_line":"They are non-persistent (no need to be persisted to a database), lightweight"},{"line_number":75,"context_line":"(fall in range of 180 to 240 bytes) and reduce the operational overhead"},{"line_number":76,"context_line":"required to run a cloud. Authentication and authorization metadata is neatly"},{"line_number":77,"context_line":"bundled into a message packed payload, which is then encrypted and signed in"},{"line_number":78,"context_line":"as a fernet token."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"Unlike UUID, PKI and PKIZ tokens, fernet tokens do not require persistence."}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f91af0f_7d57ca59","line":77,"range":{"start_line":77,"start_character":15,"end_line":77,"end_character":29},"in_reply_to":"9f91af0f_eeb9eacb","updated":"2018-01-08 08:08:51.000000000","message":"Not sure, better ask keystone experts to confirm.","commit_id":"77492459dcb2eca2f31a0ffc5c4a77e5c63e0c26"}]}