Comment 5 for bug 1257723

Our long term solution here is to implement this blueprint:

  https://blueprints.launchpad.net/keystone/+spec/revocation-events

Which means lightweight consequences to things like user deletion, and gets us much closer to completely ephemeral PKI tokens.