update docstring comment.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43850 20353a03-c40f-0410-a6d1-a30d3c3de9de

product/ERP5Security/ERP5KeyAuthPlugin.py

@@ -157,13 +157,11 @@ class ERP5KeyAuthPlugin(ERP5UserManager, CookieAuthHelper):
 
     <ERP5_Root>/web_page_module/1?__ac_key=207221200213146153166
 
-    where value of __ac_key contains (encrypted):
-    - proxied (i.e. granting user) username
-    - PAS plugin encryption key
-
-  XXX: improve encrypt & decrypt part to use PAS encryption_key with a true
-  python encryption library (reuse of public / private key architecture)!
+    where value of __ac_key contains an encrypted reference of a user
 
+  TODO: We should use a real PKI (Public Key Infrastructure) so that we
+  can revoke a part of already provided keys without changing the
+  encryption key or a user's reference.
   """
 
   meta_type = "ERP5 Key Authentication"