[acchow]

> So for token revocation, you now need to create a cache invalidation scheme

To be a cache, it needs an invalidation scheme already.

Also, no one is asking for "instant" consistency on revoking a token, but at least "eventual consistency".

[seanp2k2]

Yeah, this. I don't care if it takes 24 hours to revoke it across the board, just let me revoke it somehow. Sub-second revocation isn't something that I'm aware of anyone asking for in this instance, and global Cassandra quorum should be on the order of a few seconds for massive data stores. Even with aggressive caching and long TTLs, you could do something with event notification for the rare events in which someone invalidates a token, and get it propagated within seconds around the world.