Merge "Removes paragraph saying UUID tokens are less secure"

2013-12-24 10:46:57 +00:00 · 2013-12-24 10:46:57 +00:00 · af40d01ef3
commit af40d01ef3
parent 5f7c856605 18d5e8b9cc
1 changed files with 0 additions and 1 deletions
--- a/doc/security-guide/ch024_authentication.xml
+++ b/doc/security-guide/ch024_authentication.xml
@ -102,7 +102,6 @@
    <section xml:id="ch024_authentication-idp276176">
      <title>Tokens</title>
      <para>Once a user is authenticated, a token is generated and used internally in OpenStack for authorization and access. The default token <emphasis role="bold">lifespan</emphasis> is<emphasis role="bold"> 24 hours</emphasis>. It is recommended that this value be set lower but caution needs to be taken as some internal services will need sufficient time to complete their work. The cloud may not provide services if tokens expire too early. An example of this would be the time needed by the Compute Service to transfer a disk image onto the hypervisor for local caching.</para>
-      <para>The Identity service could alternatively be configured to provide UUID tokens which are significantly shorter but may be less secure depending on your specific deployment model. Decisions about token implementation should take into consideration the level of trust needed within a given security domain.</para>
      <para>Below is an example of a PKI token. Note that, in practice, the token id value is very long (e.g., around 3500 bytes), but for brevity we shorten it in this example.</para>
      <screen> 
        "token": {