Request for feedback: UAA Revocable Token Proposal

Sree Tummidi

Hi All,

It's 2016 and we have finally decided to make token persistence & revocation
a reality in UAA!!
Over the past year, I have had multiple conversations with foundation
members and customers alike and am increasingly seeing the need for token
persistence and on-demand token revocation.

The core use-case in the Cloud Foundry context is to make Cloud Controller
API access more secure and streamlined when dealing with automated &
long-lived access scenarios. This will be achieved with a user being able to
generate an opaque token with the relevant scopes after performing
authentication with the Identity Provider (Internal or SAML/LDAP) and have
them be revocable on demand.

The detailed feature spec can be found here.
We will remain fully backwards compatible and continue to support JWT.
We would like to start work on this feature towards the *end of February*
and look forward to your valuable feedback.

Happy Reviewing!!

Sree Tummidi
Sr. Product Manager
Identity - Pivotal Cloud Foundry
