Fixup openshift#4

enhancements/kube-apiserver/bound-sa-tokens.md

@@ -8,10 +8,11 @@ reviewers:
   - "@stlaz"
   - "@sttts"
 approvers:
-  - TBD
+  - "@deads2k"
+  - "@sttts"
 creation-date: 2019-11-28
 last-updated: 2019-11-28
-status: provisional
+status: implementable
 see-also:
   - "https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/bound-service-account-tokens.md"
   - "https://docs.google.com/document/d/1XcOsEv4jO9P1QQHn-tOnC80oMyCm85hGA6LqHRfjTgo/edit?ts=5ddb86c1"
@@ -102,7 +103,7 @@ therefore risk of compromise) for a given service account token.
   - The public key should be added to (rather than replaced in) a configmap in the
     `openshift-kube-apiserver` namespace.
     - Public keys will be added to the configmap with keys of the form
-      `bound-service-account-xxx.pub`, where `xxx` is incremented for uniqueness.
+      `service-account-xxx.pub`, where `xxx` is incremented for uniqueness.
     - This configmap can be used to source the public keys needed by 3rd party components
       to verify bound tokens issued by the apiserver, satisfying goal #3.
     - The path of the mounted configmap should be included in