hegeduscs
commented
5 years ago Good question, we didn't make a decision on that on purpose.
The idea was that the authorization should contain some sort of guideline on that: how long a given admission should be provided.
Need to work on this!
Orchestration always requests token with no duration - and tokens cannot be revoked (OrchestratorDriver.java:541).
Also, who should decide the duration; the consumer, the provider, or the cloud operator?