Does authentication token need to include group information?
Currently when portal generates the authentication token, it doesn't include the group information in it in order to make the token short. So when an entity tries to authorize the token, it has to look up the group information in order to make the group authorization mechanism work. The lookup process has to access multiple places, e.g., the dataone cn, an ldap server, and et al. This seems an overhead.