Request for feedback: UAA Revocable Token Proposal
Sree Tummidi
Hi All,
It's 2016 and we have finally decided to make token persistence & revocation a reality in UAA!!

Over the past year, I have had multiple conversations with foundation members and customers alike and am increasingly seeing the need for token persistence and on-demand token revocation.

The core use-case in the Cloud Foundry context is to make Cloud Controller API access more secure and streamlined when dealing with automated & long-lived access scenarios. This will be achieved with a user being able to generate an opaque token with the relevant scopes after performing authentication with the Identity Provider (Internal or SAML/LDAP) and have them be revocable on demand.

The detailed feature spec can be found here <https://docs.google.com/document/d/1tWg5aNGyvibofavHNim6NJvhfcsNt2e1StrVfURI_Ww/edit?usp=sharing>.

We will remain fully backwards compatible and continue to support JWT tokens.

We would like to start work on this feature towards the *end of February* and look forward to your valuable feedback.

Happy Reviewing!!

Thanks,
Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry