<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Woodster</id>
		<title>OpenStack - User contributions [en]</title>
		<link rel="self" type="application/atom+xml" href="https://wiki.openstack.org/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Woodster"/>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/wiki/Special:Contributions/Woodster"/>
		<updated>2026-07-03T11:37:15Z</updated>
		<subtitle>User contributions</subtitle>
		<generator>MediaWiki 1.28.2</generator>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/v2&amp;diff=131172</id>
		<title>Barbican/v2</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/v2&amp;diff=131172"/>
				<updated>2016-08-15T19:37:43Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Barbican v2 */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Barbican v2==&lt;br /&gt;
* Generic Container data structure is weird, consider making it a proper dict&lt;br /&gt;
* Container term is confusing, consider&lt;br /&gt;
* Use proper links for references rather than single 'ref' link returned now&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Nova&amp;diff=122958</id>
		<title>Meetings/Nova</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Nova&amp;diff=122958"/>
				<updated>2016-03-24T17:41:49Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added woodster to ping list&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Nova team meeting =&lt;br /&gt;
'''MEETING TIME: Thursdays alternating 14:00 UTC (#openstack-meeting) and 21:00 UTC (#openstack-meeting)'''&lt;br /&gt;
&lt;br /&gt;
This meeting is a weekly gathering of developers working on [[Nova|OpenStack Compute (Nova)]].  We cover topics such as release planning and status, bugs, reviews, and other current topics worthy of real-time discussion.&lt;br /&gt;
&lt;br /&gt;
NOTE: this wiki page should be 'emptied' at the end of each meeting.&lt;br /&gt;
&lt;br /&gt;
== Agenda for next meeting ==&lt;br /&gt;
&lt;br /&gt;
Next meetings scheduled for:&lt;br /&gt;
* March 24th 2016 1400 UTC, #openstack-meeting (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20160324T140000)&lt;br /&gt;
* March 31st 2016 2100 UTC, #openstack-meeting (http://www.timeanddate.com/worldclock/fixedtime.html?iso=20160317T210000)&lt;br /&gt;
&lt;br /&gt;
Add your IRC nick to this list to be pinged at the start of the meeting:&lt;br /&gt;
&amp;lt;code&amp;gt;&lt;br /&gt;
&amp;lt;br&amp;gt;adrian_otto akuriata alevine alexpilotti aloga andreykurilin anteaya artom auggy&lt;br /&gt;
&amp;lt;br&amp;gt;bauzas belliott belmoreira bobball cburgess claudiub danpb dguitarbite _diana_&lt;br /&gt;
&amp;lt;br&amp;gt;diana_clarke dims duncant edleafe efried flip214 funzo garyk gcb gjayavelu&lt;br /&gt;
&amp;lt;br&amp;gt;irina_pov jaypipes jcookekhugen jgrimm jichen jlvillal jroll kashyap klindgren&lt;br /&gt;
&amp;lt;br&amp;gt;krtaylor lbeliveau lxsli macsz markus_z mdorman med_ mikal mjturek mnestratov&lt;br /&gt;
&amp;lt;br&amp;gt;moshele mrda nagyz ndipanov neiljerram nic Nisha PaulMurray raildo rgeragnov&lt;br /&gt;
&amp;lt;br&amp;gt;sc68cal scottda sdague sileht sorrison swamireddy thomasem thorst tjones tonyb&lt;br /&gt;
&amp;lt;br&amp;gt;tpatil tpatzig xyang rdopiera sarafraj woodster&lt;br /&gt;
&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
Please note &amp;quot;stuck review&amp;quot; means a review where there is some disagreement that needs resolving.&lt;br /&gt;
Its not for reviews that just haven't had attention, except for exceptional cases.&lt;br /&gt;
Where you see &amp;quot;?&amp;quot; feel free to just edit the wiki and add your item.&lt;br /&gt;
&lt;br /&gt;
Here is the agenda for the next meeting:&lt;br /&gt;
* Release Status&lt;br /&gt;
** RC1 released, Hard String Freeze, open master for Newton&lt;br /&gt;
*** http://lists.openstack.org/pipermail/openstack-dev/2016-March/089554.html&lt;br /&gt;
** Apr 4-8, Release week&lt;br /&gt;
*** http://docs.openstack.org/releases/schedules/mitaka.html&lt;br /&gt;
** Looking out for release critical bugs, potential release blocker: https://bugs.launchpad.net/nova/+bugs?field.tag=mitaka-rc-potential&lt;br /&gt;
*** stable/mitaka backports for rc2: https://review.openstack.org/#/q/project:openstack/nova+status:open+branch:stable/mitaka&lt;br /&gt;
** New review focus list: https://etherpad.openstack.org/p/newton-nova-priorities-tracking&lt;br /&gt;
*** Spec review list for Newton: https://etherpad.openstack.org/p/newton-nova-spec-review-tracking&lt;br /&gt;
* Bugs (stuck/critical)&lt;br /&gt;
** Gate status&lt;br /&gt;
*** http://status.openstack.org/elastic-recheck/index.html&lt;br /&gt;
** 3rd party CI status&lt;br /&gt;
*** http://ci-watch.tintri.com/project?project=nova&amp;amp;time=7+days&lt;br /&gt;
** Critical bugs&lt;br /&gt;
*** ?&lt;br /&gt;
** Reminders:&lt;br /&gt;
*** http://lists.openstack.org/pipermail/openstack-dev/2016-March/088205.html Looking out for release critical bugs, use mitaka-rc-potential, if agreed target at milestone, usually high priority or higher&lt;br /&gt;
*** https://wiki.openstack.org/wiki/Nova/BugTriage#Weekly_bug_skimming_duty Volunteers for 1 week of bug skimming duty?&lt;br /&gt;
*** No DB migrations until https://review.openstack.org/#/c/289450/ is in.&lt;br /&gt;
** Stable branch status: https://etherpad.openstack.org/p/stable-tracker&lt;br /&gt;
*** stable/liberty: https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:stable/liberty,n,z&lt;br /&gt;
*** stable/kilo: https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:stable/kilo,n,z&lt;br /&gt;
* Stuck Reviews&lt;br /&gt;
**  Please note &amp;quot;stuck review&amp;quot; means a review where there is some disagreement that needs resolving. Its not for reviews that just haven't had attention, except for exceptional cases. Where you see &amp;quot;?&amp;quot; feel free to just edit the wiki and add your item.&lt;br /&gt;
** Any stuck code reviews to discuss:&lt;br /&gt;
*** ?&lt;br /&gt;
* Open discussion&lt;br /&gt;
** Austin Design Summit ideas: https://etherpad.openstack.org/p/newton-nova-summit-ideas&lt;br /&gt;
** ?&lt;br /&gt;
&lt;br /&gt;
== Sub-teams ==&lt;br /&gt;
&lt;br /&gt;
There are also some Nova subteam meetings.  See [[Nova#Active_Sub-teams:]] for details.&lt;br /&gt;
&lt;br /&gt;
== Previous meetings ==&lt;br /&gt;
&lt;br /&gt;
* [http://eavesdrop.openstack.org/meetings/nova/ All other meetings are here]&lt;br /&gt;
* [http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-08-16-21.01.html 2012-08-16]&lt;br /&gt;
* [http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-08-09-21.00.html 2012-08-09]&lt;br /&gt;
* [http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-08-02-21.40.html 2012-08-02]&lt;br /&gt;
&lt;br /&gt;
[[category: compute]]&lt;br /&gt;
[[category: meetings]]&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=91248</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=91248"/>
				<updated>2015-09-28T14:33:26Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* September 28, 2015&lt;br /&gt;
** (woodster) What about changing our gates to populate database with Alembic migrations, instead of from SQLAlchemy models directly?&lt;br /&gt;
* September 21, 2015&lt;br /&gt;
** (arunkant) Barbicanclient failures on neutron test gate: http://logs.openstack.org/43/208343/15/check/gate-tempest-dsvm-neutron-src-python-barbicanclient/9193018/&lt;br /&gt;
* September 14, 2015&lt;br /&gt;
** Review Dave's core nomination: http://lists.openstack.org/pipermail/openstack-dev/2015-September/073866.html&lt;br /&gt;
** Federated Barbican Update (silos)&lt;br /&gt;
* September 7, 2015&lt;br /&gt;
** No meeting.  Happy Labor day to contributors in the US.&lt;br /&gt;
* August 31, 2015&lt;br /&gt;
** Test framework - We're currently using both nosetest and testtools.  Can we consolidate to one of them?&lt;br /&gt;
** Merge requirements continued&lt;br /&gt;
** Quotas Blueprint targeting Liberty-3.  Update.&lt;br /&gt;
** /v2/orders&lt;br /&gt;
** Castellan: https://review.openstack.org/#/c/208569/ Last patch needed before a release (kfarr)&lt;br /&gt;
** (woodster) Don't forget about the ACL blueprints, esp. this one: https://review.openstack.org/#/c/208343&lt;br /&gt;
* August 24, 2015&lt;br /&gt;
** Merge Requirements - I think it's time we start merging after two +2 reviews by a core reviewer.  (redrobot)&lt;br /&gt;
** Tokyo Session Requirements (redrobot)&lt;br /&gt;
* August 17, 2015&lt;br /&gt;
** Adding certificate_manager namespace to Castellan (rm_work)&lt;br /&gt;
** Federated Barbican (silos)&lt;br /&gt;
** Defect/issue template - https://etherpad.openstack.org/p/barbican-bug-report-template (hockeynut)&lt;br /&gt;
** super-user rule in policy.json (dave-mccowan)&lt;br /&gt;
** quotas blueprint update (dave-mccowan)&lt;br /&gt;
* August 3, 2015&lt;br /&gt;
** Multiple KMIP Blueprint - https://review.openstack.org/#/c/194298/ (silos)&lt;br /&gt;
** Castellan merge requests (kfarr)&lt;br /&gt;
* July 27, 2015&lt;br /&gt;
** V2 and Orders (jmvrbanac)&lt;br /&gt;
** stable/kilo tests are failing (jaosorior)&lt;br /&gt;
** Barbican Openstack CLI plugin (jaosorior)&lt;br /&gt;
** Castellan&lt;br /&gt;
*** release schedules (elmiko)&lt;br /&gt;
*** patches need merging&lt;br /&gt;
* July 20, 2015&lt;br /&gt;
** Magnum integration&lt;br /&gt;
** Resource Quotas&lt;br /&gt;
*** Design Discussion: https://review.openstack.org/203678&lt;br /&gt;
*** Code review for first commit (config, controller, validator) https://review.openstack.org/198764&lt;br /&gt;
** Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)&lt;br /&gt;
* July 13, 2015&lt;br /&gt;
** Magnum integration&lt;br /&gt;
** CAs blueprint&lt;br /&gt;
*** http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-cas.html&lt;br /&gt;
** copy constructor for secrets and containers, report back from api-wg discussions (elmiko)&lt;br /&gt;
*** https://review.openstack.org/#/c/127823/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* July 6, 2015&lt;br /&gt;
&lt;br /&gt;
** Update on Quota Support blueprint (dave-mccowan)&lt;br /&gt;
** ACL client implementation (chellygel)&lt;br /&gt;
** Let's discuss the fifth 'acl-user' role needed for Barbican:&lt;br /&gt;
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].&lt;br /&gt;
*** However, I think we got off track talking about lists of secrets...&lt;br /&gt;
*** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.&lt;br /&gt;
* June 29, 2015&lt;br /&gt;
** Magnum integration&lt;br /&gt;
** Why are we still testing the python-barbicanclient with py26&lt;br /&gt;
** Dogtag gate as voting&lt;br /&gt;
* June 8, 2015&lt;br /&gt;
** Mid-Cycle RSVP (redrobot)&lt;br /&gt;
* June 1, 2015&lt;br /&gt;
** Vancouver Summit Recap (redrobot)&lt;br /&gt;
** Mid-Cycle (redrobot)&lt;br /&gt;
* May 11, 2015&lt;br /&gt;
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237&lt;br /&gt;
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.&lt;br /&gt;
* May 4, 2015&lt;br /&gt;
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (redrobot) Kilo-RC1&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=89210</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=89210"/>
				<updated>2015-08-31T20:12:40Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* August 31, 2015&lt;br /&gt;
** Test framework - We're currently using both nosetest and testtools.  Can we consolidate to one of them?&lt;br /&gt;
** Merge requirements continued&lt;br /&gt;
** Quotas Blueprint targeting Liberty-3.  Update.&lt;br /&gt;
** /v2/orders&lt;br /&gt;
** Castellan: https://review.openstack.org/#/c/208569/ Last patch needed before a release (kfarr)&lt;br /&gt;
** (woodster) Don't forget about the ACL blueprints, esp. this one: https://review.openstack.org/#/c/208343&lt;br /&gt;
* August 24, 2015&lt;br /&gt;
** Merge Requirements - I think it's time we start merging after two +2 reviews by a core reviewer.  (redrobot)&lt;br /&gt;
** Tokyo Session Requirements (redrobot)&lt;br /&gt;
* August 17, 2015&lt;br /&gt;
** Adding certificate_manager namespace to Castellan (rm_work)&lt;br /&gt;
** Federated Barbican (silos)&lt;br /&gt;
** Defect/issue template - https://etherpad.openstack.org/p/barbican-bug-report-template (hockeynut)&lt;br /&gt;
** super-user rule in policy.json (dave-mccowan)&lt;br /&gt;
** quotas blueprint update (dave-mccowan)&lt;br /&gt;
* August 3, 2015&lt;br /&gt;
** Multiple KMIP Blueprint - https://review.openstack.org/#/c/194298/ (silos)&lt;br /&gt;
** Castellan merge requests (kfarr)&lt;br /&gt;
* July 27, 2015&lt;br /&gt;
** V2 and Orders (jmvrbanac)&lt;br /&gt;
** stable/kilo tests are failing (jaosorior)&lt;br /&gt;
** Barbican Openstack CLI plugin (jaosorior)&lt;br /&gt;
** Castellan&lt;br /&gt;
*** release schedules (elmiko)&lt;br /&gt;
*** patches need merging&lt;br /&gt;
* July 20, 2015&lt;br /&gt;
** Magnum integration&lt;br /&gt;
** Resource Quotas&lt;br /&gt;
*** Design Discussion: https://review.openstack.org/203678&lt;br /&gt;
*** Code review for first commit (config, controller, validator) https://review.openstack.org/198764&lt;br /&gt;
** Brief discussion regarding default policy settings and ability of secret creators to manage their secrets (https://bugs.launchpad.net/barbican/+bug/1475962)&lt;br /&gt;
* July 13, 2015&lt;br /&gt;
** Magnum integration&lt;br /&gt;
** CAs blueprint&lt;br /&gt;
*** http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-cas.html&lt;br /&gt;
** copy constructor for secrets and containers, report back from api-wg discussions (elmiko)&lt;br /&gt;
*** https://review.openstack.org/#/c/127823/&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* July 6, 2015&lt;br /&gt;
&lt;br /&gt;
** Update on Quota Support blueprint (dave-mccowan)&lt;br /&gt;
** ACL client implementation (chellygel)&lt;br /&gt;
** Let's discuss the fifth 'acl-user' role needed for Barbican:&lt;br /&gt;
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].&lt;br /&gt;
*** However, I think we got off track talking about lists of secrets...&lt;br /&gt;
*** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.&lt;br /&gt;
* June 29, 2015&lt;br /&gt;
** Magnum integration&lt;br /&gt;
** Why are we still testing the python-barbicanclient with py26&lt;br /&gt;
** Dogtag gate as voting&lt;br /&gt;
* June 8, 2015&lt;br /&gt;
** Mid-Cycle RSVP (redrobot)&lt;br /&gt;
* June 1, 2015&lt;br /&gt;
** Vancouver Summit Recap (redrobot)&lt;br /&gt;
** Mid-Cycle (redrobot)&lt;br /&gt;
* May 11, 2015&lt;br /&gt;
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237&lt;br /&gt;
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.&lt;br /&gt;
* May 4, 2015&lt;br /&gt;
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (redrobot) Kilo-RC1&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=87686</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=87686"/>
				<updated>2015-08-10T20:13:55Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added a note about a required workaround.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
Note: Due to the amount of dependencies and configuration performed by the DevStack process, we suggest running DevStack from a dedicated/temporary virtual machine rather than your local workstation.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install libffi-dev libssl-dev git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
&lt;br /&gt;
$ mv barbican/contrib/devstack/local.conf devstack/&lt;br /&gt;
   (!!!! NOTE: Please modify line #3 of the repository's 'local.conf' file to replace 'barbican-svc barbican-retry' with 'barbican')&lt;br /&gt;
&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To shutdown Barbican (and its dependent services) simply run this:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./unstack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors - assuming you've enabled compute because we don't by default in the local.conf) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===The Easy Way===&lt;br /&gt;
''Last Updated: March 18, 2015''&lt;br /&gt;
&lt;br /&gt;
This script will set up Devstack with Barbican (when run on a clean Ubuntu 14.04 VM), then run the Barbican functional tests.&lt;br /&gt;
https://gist.github.com/rm-you/6feacb91182f5c011018&lt;br /&gt;
&lt;br /&gt;
&amp;lt;nowiki&amp;gt;bash &amp;lt;(curl -sL https://gist.githubusercontent.com/rm-you/6feacb91182f5c011018/raw/b03c74bbe1c76af55d29083b4b823a037cc34018/setup.sh)&amp;lt;/nowiki&amp;gt;&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=84943</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=84943"/>
				<updated>2015-07-01T21:00:31Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Modified the desired outcome of discussion about the acl-user role&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* July 6, 2015&lt;br /&gt;
** Let's discuss the fifth 'acl-user' role needed for Barbican:&lt;br /&gt;
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].&lt;br /&gt;
*** However, I think we got off track talking about lists of secrets...&lt;br /&gt;
*** So I think the outcome of this discussion should just be a blueprint or paper-cut to add this new role and associated testing for it. I favor blueprint as we could also see a sample of the API doc mods needed.&lt;br /&gt;
* June 29, 2015&lt;br /&gt;
** Why are we still testing the python-barbicanclient with py26&lt;br /&gt;
** Dogtag gate as voting&lt;br /&gt;
* June 8, 2015&lt;br /&gt;
** Mid-Cycle RSVP (redrobot)&lt;br /&gt;
* June 1, 2015&lt;br /&gt;
** Vancouver Summit Recap (redrobot)&lt;br /&gt;
** Mid-Cycle (redrobot)&lt;br /&gt;
* May 11, 2015&lt;br /&gt;
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237&lt;br /&gt;
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.&lt;br /&gt;
* May 4, 2015&lt;br /&gt;
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (redrobot) Kilo-RC1&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=84940</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=84940"/>
				<updated>2015-07-01T20:48:24Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Updated per previous discussion&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* July 6, 2015&lt;br /&gt;
** Let's discuss the fifth 'acl-user' role needed for Barbican:&lt;br /&gt;
*** Ugh, I noticed we did discuss this on May 4th with an etherpad [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion here].&lt;br /&gt;
*** However, I think we got off track talking about lists of secrets...&lt;br /&gt;
*** So I think the outcome of this discussion should just be a paper-cut to add this new role and associated testing for it.&lt;br /&gt;
* June 29, 2015&lt;br /&gt;
** Why are we still testing the python-barbicanclient with py26&lt;br /&gt;
** Dogtag gate as voting&lt;br /&gt;
* June 8, 2015&lt;br /&gt;
** Mid-Cycle RSVP (redrobot)&lt;br /&gt;
* June 1, 2015&lt;br /&gt;
** Vancouver Summit Recap (redrobot)&lt;br /&gt;
** Mid-Cycle (redrobot)&lt;br /&gt;
* May 11, 2015&lt;br /&gt;
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237&lt;br /&gt;
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.&lt;br /&gt;
* May 4, 2015&lt;br /&gt;
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (redrobot) Kilo-RC1&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=84938</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=84938"/>
				<updated>2015-07-01T20:43:14Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added read-only user discussion topic&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* July 6, 2015&lt;br /&gt;
** Let's discuss the fifth 'read-only' role needed for Barbican:&lt;br /&gt;
*** Adam Harwell suggested that we add a 'read-only' role to users must possess to access secrets in Barbican they are on the ACL for&lt;br /&gt;
*** This would allow admins to remove a user's access to Barbican without having to remove them from Keystone completely&lt;br /&gt;
*** Soooo...what to name this new role? Is 'read-only' acceptable to everyone? Or instead let's bike shed a bit on that shall we?&lt;br /&gt;
* June 29, 2015&lt;br /&gt;
** Why are we still testing the python-barbicanclient with py26&lt;br /&gt;
** Dogtag gate as voting&lt;br /&gt;
* June 8, 2015&lt;br /&gt;
** Mid-Cycle RSVP (redrobot)&lt;br /&gt;
* June 1, 2015&lt;br /&gt;
** Vancouver Summit Recap (redrobot)&lt;br /&gt;
** Mid-Cycle (redrobot)&lt;br /&gt;
* May 11, 2015&lt;br /&gt;
** (arunkant) Proposed ACL API changes as per [https://review.openstack.org/#/c/178479/5/doc/source/api/quickstart/acls.rst,cm ACL docs review] comments on line #237&lt;br /&gt;
** (dave-mccowan) Heads-up: adding run-as-user support to functional tests.  You local keystone deployment will need new users and roles installed to run functional tests.&lt;br /&gt;
* May 4, 2015&lt;br /&gt;
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (redrobot) Kilo-RC1&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=80058</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=80058"/>
				<updated>2015-05-04T19:37:46Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added read-only user discussion topic&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* May 4, 2015&lt;br /&gt;
** (woodster) Let's [https://etherpad.openstack.org/p/barbican-acl-read-only-user-discussion discuss and fine-tune the 'read-only' ACL user'] a little bit&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (redrobot) Kilo-RC1&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
** (redrobot) Bug: https://bugs.launchpad.net/barbican/+bug/1446266&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77670</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77670"/>
				<updated>2015-04-16T23:29:19Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Started Apr 20th 2015 agenda&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* April 20, 2015&lt;br /&gt;
** (woodster) What approved or drafting blueprints do we want to bring over to Liberty?&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77412</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77412"/>
				<updated>2015-04-13T16:56:24Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* April 13, 2015&lt;br /&gt;
** (redrobot) Vancouver Design Summit. See this Liberty design session topics wiki page [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** (redrobot) Additional role for per-secret ACL. Current policy is available [https://github.com/openstack/barbican/blob/master/etc/barbican/policy.json here]. &lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
** (redrobot) Juno to Kilo DB migration&lt;br /&gt;
** (redrobot) Content-Type and payload_content_type combinations&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77004</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77004"/>
				<updated>2015-04-06T16:28:43Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned. See notes on [https://review.openstack.org/#/c/169481 this CR]&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77003</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77003"/>
				<updated>2015-04-06T16:04:55Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and expected sensitivity to additional response key/values returned.&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77002</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77002"/>
				<updated>2015-04-06T16:04:05Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** (woodster) Barbican Python client and sensitivity to additional response key/values returned.&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77001</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=77001"/>
				<updated>2015-04-06T16:03:40Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* April 6, 2015&lt;br /&gt;
** Barbican Python client and sensitivity to additional response key/values returned.&lt;br /&gt;
* March 30, 2015&lt;br /&gt;
** Flagging things for deprecation. (jvrbanac)&lt;br /&gt;
** Logging in Barbican (jvrbanac)&lt;br /&gt;
** Castellan Initial Release (redrobot)&lt;br /&gt;
* March 23, 2015&lt;br /&gt;
** Review comment around storing acl users as comma separated values vs separate table. [https://review.openstack.org/#/c/164334/9/barbican/model/models.py,cm Review Link]  (arunkant)&lt;br /&gt;
** How to integrate Castellan with Openstack service (arunkant)&lt;br /&gt;
*** Related: Castellan release and how to update Castellan resources, i.e. bug tracker (kfarr)&lt;br /&gt;
* March 16, 2015&lt;br /&gt;
** Functional testing&lt;br /&gt;
** Assert parameter order&lt;br /&gt;
&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=74742</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=74742"/>
				<updated>2015-03-02T19:24:17Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* March 2, 2015&lt;br /&gt;
** 100% code coverage options: break packages into 'paper cut' bugs maybe?&lt;br /&gt;
&lt;br /&gt;
* February 23, 2015&lt;br /&gt;
** Mid-cycle recap&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
*** Ade: Wrap profiles around CMC to pass to CA to track product type&lt;br /&gt;
*** Ade: Additional CR for Identify CA migration scripts (2 others in review)&lt;br /&gt;
*** Ade: BarbicanMetadata table&lt;br /&gt;
*** Dave: Certificate Order metadata change API parameter from container ref -&amp;gt; secret ref validation.&lt;br /&gt;
*** tsv: Quotas BP&lt;br /&gt;
*** woodster: reach out to Jarret about hard deletes for compliance concerns.&lt;br /&gt;
*** woodster: Order sub-status&lt;br /&gt;
*** New gates&lt;br /&gt;
** Road to Liberty summit&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-L-design-sessions&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
** L-Summit space requirements&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
*** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Kilo&amp;diff=73156</id>
		<title>Barbican/Kilo</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Kilo&amp;diff=73156"/>
				<updated>2015-02-06T19:21:08Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Kilo Roadmap */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;==Kilo Design Summit Discussions==&lt;br /&gt;
* Kilo Design Sessions https://etherpad.openstack.org/p/barbican-kilo-design-sessions&lt;br /&gt;
** Integration https://etherpad.openstack.org/p/barbican-kilo-integration&lt;br /&gt;
** User-level ACLs https://etherpad.openstack.org/p/barbican-kilo-entity-auth&lt;br /&gt;
** Plugin management https://etherpad.openstack.org/p/barbican-kilo-plugin-lifecycle&lt;br /&gt;
** Certificate API https://etherpad.openstack.org/p/barbican-kilo-certificate-orders&lt;br /&gt;
&lt;br /&gt;
==Kilo Roadmap==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kilo-roadmap Kilo Roadmap From Nov 2014 Paris Summit]&lt;br /&gt;
&lt;br /&gt;
==Kilo Blueprint Hangouts==&lt;br /&gt;
* December 11 at 3:00 PM UTC &lt;br /&gt;
**http://time.is/300PM_11_Dec_2014_in_UTC/EST/CST/PST&lt;br /&gt;
* December 4 at 3:00 PM UTC &lt;br /&gt;
**http://time.is/300PM_4_Dec_2014_in_UTC/EST/CST/PST&lt;br /&gt;
&lt;br /&gt;
==Kilo Midcycle Meetup==&lt;br /&gt;
* February 16-18&lt;br /&gt;
* Capital Factory, Austin, TX&lt;br /&gt;
** https://goo.gl/maps/xlPHB&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73155</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73155"/>
				<updated>2015-02-06T19:18:06Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/openstack/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Douglas Mendizábal (redrobot)&lt;br /&gt;
* Ade Lee (alee)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Donald Stufft (dstufft)&lt;br /&gt;
* Jarret Raim (jraim)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Juan Antonio Osorio Robles (jaosorior)&lt;br /&gt;
* Nathan Reller (rellerreller)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Integration  &lt;br /&gt;
| [[Barbican/Integration]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| http://git.openstack.org/cgit/openstack/barbican-specs&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-L-design-sessions Barbican &amp;quot;L&amp;quot; Design Sessions Etherpad]&lt;br /&gt;
* [[Barbican/Kilo]]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-meetup Barbican Juno Midcycle Meetup]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-roadmap Barbican Juno Roadmap]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;br /&gt;
&lt;br /&gt;
[[category: KeyManagementService]]&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73154</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73154"/>
				<updated>2015-02-06T19:17:52Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/openstack/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Douglas Mendizábal (redrobot)&lt;br /&gt;
* Ade Lee (alee)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Donald Stufft (dstufft)&lt;br /&gt;
* Jarret Raim (jraim)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Juan Antonio Osorio Robles (jaosorior)&lt;br /&gt;
* Nathan Reller (rellerreller)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Integration  &lt;br /&gt;
| [[Barbican/Integration]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| http://git.openstack.org/cgit/openstack/barbican-specs&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-L-design-sessions Barbican &amp;quot;L&amp;quot; Design Sessions Etherpad]&lt;br /&gt;
* [[Barbican/Kilo] Kilo Planning Wiki]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-meetup Barbican Juno Midcycle Meetup]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-roadmap Barbican Juno Roadmap]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;br /&gt;
&lt;br /&gt;
[[category: KeyManagementService]]&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73153</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73153"/>
				<updated>2015-02-06T18:31:32Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/openstack/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Douglas Mendizábal (redrobot)&lt;br /&gt;
* Ade Lee (alee)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Donald Stufft (dstufft)&lt;br /&gt;
* Jarret Raim (jraim)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Juan Antonio Osorio Robles (jaosorior)&lt;br /&gt;
* Nathan Reller (rellerreller)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Integration  &lt;br /&gt;
| [[Barbican/Integration]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| http://git.openstack.org/cgit/openstack/barbican-specs&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-L-design-sessions Barbican &amp;quot;L&amp;quot; Design Sessions Etherpad]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Sprints/BarbicanKiloSprint Barbican Kilo Midcycle Meetup]&lt;br /&gt;
* [[Barbican/Kilo]]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-meetup Barbican Juno Midcycle Meetup]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-roadmap Barbican Juno Roadmap]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;br /&gt;
&lt;br /&gt;
[[category: KeyManagementService]]&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73150</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=73150"/>
				<updated>2015-02-06T16:37:08Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Discussions / Etherpads */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/openstack/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Douglas Mendizábal (redrobot)&lt;br /&gt;
* Ade Lee (alee)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Donald Stufft (dstufft)&lt;br /&gt;
* Jarret Raim (jraim)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Juan Antonio Osorio Robles (jaosorior)&lt;br /&gt;
* Nathan Reller (rellerreller)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Integration  &lt;br /&gt;
| [[Barbican/Integration]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| http://git.openstack.org/cgit/openstack/barbican-specs&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Sprints/BarbicanKiloSprint Barbican Kilo Midcycle Meetup]&lt;br /&gt;
* [[Barbican/Kilo]]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-meetup Barbican Juno Midcycle Meetup]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-roadmap Barbican Juno Roadmap]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;br /&gt;
&lt;br /&gt;
[[category: KeyManagementService]]&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72818</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72818"/>
				<updated>2015-02-02T22:45:23Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Add a link back to the main barbican wiki page, as there is no obvious link there.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://wiki.openstack.org/wiki/Barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72807</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72807"/>
				<updated>2015-02-02T20:37:11Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* February 9, 2015&lt;br /&gt;
** Update on Swift integration with KeyManager, if/when moving to Castellan&lt;br /&gt;
&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72804</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72804"/>
				<updated>2015-02-02T20:21:37Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here].&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72802</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72802"/>
				<updated>2015-02-02T20:02:06Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Kilo 2&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here] now.&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
** A note about Barbican packaging effort underway&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72668</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72668"/>
				<updated>2015-01-29T23:04:24Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here] now.&lt;br /&gt;
** Migration scripts are not being ran (according to the bugs that I've found) up to which revision should we keep(support)? [jaosorior]&lt;br /&gt;
** https://bugs.launchpad.net/barbican/+bug/1376902 [jaosorior]&lt;br /&gt;
*** This bug also relates to plugin validation which has been [https://etherpad.openstack.org/p/barbican-validation-options discussed in the past] but not otherwise acted upon.&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72548</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72548"/>
				<updated>2015-01-28T20:07:29Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* February 2, 2015&lt;br /&gt;
** Just a note: L design session etherpad is available [https://etherpad.openstack.org/p/barbican-L-design-sessions here] now.&lt;br /&gt;
&lt;br /&gt;
* January 26, 2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
&lt;br /&gt;
* January 19, 2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72384</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72384"/>
				<updated>2015-01-26T23:01:44Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Weekly Barbican Meeting */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): redrobot (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* January 26,2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
&lt;br /&gt;
* January 19,2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72383</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72383"/>
				<updated>2015-01-26T23:00:56Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Weekly Barbican Meeting */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/openstack/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* January 26,2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
** Castellan project&lt;br /&gt;
*** Which openstack services are driving? What is the timeline for Castellan availability and services started using it.&lt;br /&gt;
&lt;br /&gt;
* January 19,2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72338</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=72338"/>
				<updated>2015-01-26T15:51:16Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* January 26,2015&lt;br /&gt;
** KMIP MKEK plugin spec https://review.openstack.org/#/c/148948 [tkelsey]&lt;br /&gt;
*** Discussion over the creation of a new plugin vs updating KMIPSecretStore&lt;br /&gt;
*** Discussion over Incompatible pluggin versioning (if we decide not to make a second plugin)&lt;br /&gt;
** [https://review.openstack.org/#/c/145073 Content types blueprint]:&lt;br /&gt;
*** Seems very close...what questions still need to be answered?&lt;br /&gt;
** [https://review.openstack.org/#/c/127353 Per Secret Policy blueprint]:&lt;br /&gt;
*** Open question: Should whitelisted users be able to decrypt secrets even if they don't have proper Barbican roles?&lt;br /&gt;
** [https://review.openstack.org/#/c/132091 Quota Support blueprint]:&lt;br /&gt;
*** Open question: Admin endpoint (9312) vs service admin thats allowed to set quotas on any project it wishes to?&lt;br /&gt;
&lt;br /&gt;
* January 19,2015&lt;br /&gt;
** Barbican Mid-Cycle&lt;br /&gt;
*** https://etherpad.openstack.org/p/barbican-kilo-sprint&lt;br /&gt;
** Vancouver Summit&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=71638</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=71638"/>
				<updated>2015-01-12T20:11:56Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* January 12, 2015&lt;br /&gt;
** Castellan progress [redrobot/rm_work]&lt;br /&gt;
** KMIPSecretStore HSM connection certificates [tkelsey]&lt;br /&gt;
*** Request for reviews on https://review.openstack.org/#/c/135217/&lt;br /&gt;
*** Chance to answer any questions&lt;br /&gt;
** Blueprints:&lt;br /&gt;
*** Quota support: Should we restrict scope? ...So no driver support, no class support?&lt;br /&gt;
*** Per-secret RBAC: Whitelist only vs logical expressions? GET list by project-ID or by resources I can GET?&lt;br /&gt;
&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=71138</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=71138"/>
				<updated>2015-01-05T20:12:50Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* January 5, 2015&lt;br /&gt;
** Kilo 1 Released [redrobot]&lt;br /&gt;
** Quota BP [redrobot]&lt;br /&gt;
** Insights on https://bugs.launchpad.net/barbican/+bug/1376469 [jaosorior]&lt;br /&gt;
** Status of essential blueprints&lt;br /&gt;
&lt;br /&gt;
* December 15, 2014&lt;br /&gt;
** Barbican Mid-Cycle [redrobot]&lt;br /&gt;
&lt;br /&gt;
* December 8, 2014&lt;br /&gt;
** Integration Docs [redrobot]&lt;br /&gt;
** Bugs [redrobot]&lt;br /&gt;
** Castellan [redrobot]&lt;br /&gt;
** Content types [rellerreller]&lt;br /&gt;
*** Any feedback on etherpad page, https://etherpad.openstack.org/p/barbican-formats-discussion?&lt;br /&gt;
&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=68859</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=68859"/>
				<updated>2014-11-25T17:00:00Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* December 1, 2014&lt;br /&gt;
** Consider video conference to discuss and hopefully land our many outstanding blueprints&lt;br /&gt;
&lt;br /&gt;
* November 24, 2014&lt;br /&gt;
** Validation for Typed Container data (Certificates, etc) [rm_work]&lt;br /&gt;
** Castellan scope: include CertMgr / ContainerMgr support? [rm_work]&lt;br /&gt;
** Content type&lt;br /&gt;
&lt;br /&gt;
* November 17, 2014&lt;br /&gt;
** RFC 7030&lt;br /&gt;
*** See Ade's notes - https://etherpad.openstack.org/p/thoughts_on_certs&lt;br /&gt;
** New Key Manager library (Castellan)&lt;br /&gt;
&lt;br /&gt;
* November 10, 2014&lt;br /&gt;
** New Core Reviewers&lt;br /&gt;
** RFC 7030&lt;br /&gt;
&lt;br /&gt;
* October 27, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Atalla ESKM Plugin&lt;br /&gt;
** Barbican T-Shirts&lt;br /&gt;
&lt;br /&gt;
* October 6, 2014&lt;br /&gt;
** Kilo development is open&lt;br /&gt;
*** https://review.openstack.org/#/c/125678/&lt;br /&gt;
&lt;br /&gt;
* Sep 29, 2014&lt;br /&gt;
** Juno RC1&lt;br /&gt;
*** CR https://review.openstack.org/#/c/110817/ review and merge before Juno final?&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=63262</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=63262"/>
				<updated>2014-09-22T19:46:30Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added Sept 22 section, and link to kilo etherpad&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* Sep 22, 2014&lt;br /&gt;
** (woodster) Added 'How should we handle content type for secrets' block to [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design discussion etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62622</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62622"/>
				<updated>2014-09-15T20:19:56Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: /* Agenda */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** (woodster) [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** (woodster) Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
** Need someone to look at https://review.openstack.org/#/c/118697/ comment from Nathan. Based on vote I made this change.&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62586</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62586"/>
				<updated>2014-09-15T16:33:56Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added various additions agenda item for Kilo design summit etherpad.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
** Various additions made to the [https://etherpad.openstack.org/p/barbican-kilo-design-sessions Kilo design etherpad].&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62585</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62585"/>
				<updated>2014-09-15T16:31:37Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added barbican python client auth refactor agenda item.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* Sep 15, 2014&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
** Metadata Storage: https://etherpad.openstack.org/p/barbican_metadata&lt;br /&gt;
** API Stability &lt;br /&gt;
** Documentation sync up with new API&lt;br /&gt;
** [https://etherpad.openstack.org/p/barbican-juno-final-roadmap Juno roadmap addition]: Refactor Barbican python client to use new Keystone auth components&lt;br /&gt;
&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62218</id>
		<title>Meetings/Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Meetings/Barbican&amp;diff=62218"/>
				<updated>2014-09-08T15:41:36Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added Juno roadmap etherpad link&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
= Weekly Barbican Meeting =&lt;br /&gt;
&lt;br /&gt;
The [https://github.com/cloudkeep/barbican Barbican] project team holds a weekly team meeting in &amp;lt;code&amp;gt;&amp;lt;nowiki&amp;gt;#openstack-meeting-alt&amp;lt;/nowiki&amp;gt;&amp;lt;/code&amp;gt;:&lt;br /&gt;
&lt;br /&gt;
* Weekly on Mondays at [http://www.timeanddate.com/worldclock/fixedtime.html?iso=20130502T2000 2000 UTC]&lt;br /&gt;
* The blueprints that are used as a basis for the [https://launchpad.net/barbican Barbican project] can be found at https://blueprints.launchpad.net/barbican&lt;br /&gt;
* Notes for previous meetings can be found [http://eavesdrop.openstack.org/meetings/barbican here].&lt;br /&gt;
* Chair (to contact for more information): jraim (#openstack-barbican @ Freenode)&lt;br /&gt;
&lt;br /&gt;
== Agenda ==&lt;br /&gt;
* Sep 8, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
** Juno roadmap discussions: https://etherpad.openstack.org/p/barbican-juno-final-roadmap&lt;br /&gt;
** jenkins.cloudkeep.io&lt;br /&gt;
* Sep 1, 2014&lt;br /&gt;
** Kilo Design Sessions&lt;br /&gt;
* Aug 25, 2014&lt;br /&gt;
** CR Sizes (jvrbanac)&lt;br /&gt;
** String interpolation in debug logging (redrobot, rellerreller)&lt;br /&gt;
** Python 3 support (rellerreller)&lt;br /&gt;
* Aug 18, 2014&lt;br /&gt;
** Juno Home Stretch (woodster)&lt;br /&gt;
* Aug 11, 2014&lt;br /&gt;
** [[Barbican/Integration|Barbican Integration]] &lt;br /&gt;
** Barbican as a Keystone service&lt;br /&gt;
* Aug 4, 2014&lt;br /&gt;
** #openstack-barbican on eavesdrop&lt;br /&gt;
* July 28, 2014&lt;br /&gt;
** Add more type in order post (https://review.openstack.org/#/c/87405/) waiting for review.&lt;br /&gt;
** Kilo conference presentation submissions&lt;br /&gt;
&lt;br /&gt;
* July 21, 2014&lt;br /&gt;
** (redrobot) Expiring Launchpad BPs after 5 days&lt;br /&gt;
&lt;br /&gt;
* July 14, 2014&lt;br /&gt;
** barbican-core nominations vote count&lt;br /&gt;
** can we plan better to make such change  https://review.openstack.org/#/c/103431?&lt;br /&gt;
** python-barbicanclient release schedule&lt;br /&gt;
&lt;br /&gt;
* June 30, 2014&lt;br /&gt;
** Mid-cycle meetup next week&lt;br /&gt;
** Keystone events blueprint&lt;br /&gt;
** (atiwari) https://review.openstack.org/#/c/98174/ (Do we need to worry about backward compatibility?)&lt;br /&gt;
&lt;br /&gt;
* June 23, 2014&lt;br /&gt;
** Mid-cycle meetup in two weeks.&lt;br /&gt;
&lt;br /&gt;
* June 16, 2014&lt;br /&gt;
** Mid-cycle meetup&lt;br /&gt;
&lt;br /&gt;
* June 9, 2014&lt;br /&gt;
** barbican-specs repo &lt;br /&gt;
** juno-1 release coming up&lt;br /&gt;
** mid-cycle meetup&lt;br /&gt;
** https://review.openstack.org/#/c/98473 (is it merge ready? kind of blocker)&lt;br /&gt;
** https://review.openstack.org/#/c/97844/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/98174 (is it merge ready?)&lt;br /&gt;
** Testing code pattern&lt;br /&gt;
** Any progress on eventing system (atiwari).&lt;br /&gt;
** Can tenant_id removal from uri deserve v2 api version(atiwari).&lt;br /&gt;
&lt;br /&gt;
* June 2, 2014&lt;br /&gt;
** Hacking enabled on pep8 gate&lt;br /&gt;
** New barbican-specs repository&lt;br /&gt;
** Order model changes for https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types&lt;br /&gt;
*** New field &amp;quot;meta of type JsonBlob&amp;quot; and &amp;quot;container_id of type String&amp;quot;&lt;br /&gt;
** Meera is adding Barbican tempest tests https://blueprints.launchpad.net/tempest/+spec/add-basic-tests-for-barbican&lt;br /&gt;
*** Comments, Suggestions or disagreement?&lt;br /&gt;
&lt;br /&gt;
* May 5, 2014&lt;br /&gt;
** https://review.openstack.org/#/c/82189/ (is it merge ready?)&lt;br /&gt;
** https://review.openstack.org/#/c/88463/ (review required- API change proposal Key generation)&lt;br /&gt;
** https://review.openstack.org/#/c/81310/ (review required-  Adding target support for policy enforcement.)&lt;br /&gt;
** https://review.openstack.org/#/c/90613/ (review required- API change proposal certificate generation order)&lt;br /&gt;
**The Advanced Services Common Requirements team wanted to discuss the current status of the Barbican and its readiness to utilize the Barbican for Certificate/key generation and for storing the tenant's certificates sercurely in the system. &lt;br /&gt;
**Can we get an update or talk about this in today's meeting.&lt;br /&gt;
*** https://blueprints.launchpad.net/barbican/+spec/add-wrapping-key-to-barbican-server&lt;br /&gt;
&lt;br /&gt;
* April 28, 2014&lt;br /&gt;
** Action items:&lt;br /&gt;
*** all: Review/contribute to Malini's etherpad: https://etherpad.openstack.org/p/juno-key-manager-chapter&lt;br /&gt;
*** all: Review atiwari's CR to modify the crypto plugin interface: https://review.openstack.org/#/c/82189/&lt;br /&gt;
*** core: Consider beefing up barbican docs related to current crypto plugin operation, as prep for the OpenStack summit&lt;br /&gt;
&lt;br /&gt;
* April 7, 2014&lt;br /&gt;
** malini - update on Secuirty Guide documentation&lt;br /&gt;
** alee_/atiwari - Crypto plugin changes&lt;br /&gt;
** arunkant - Target support in barbican policy enforcement [https://blueprints.launchpad.net/barbican/+spec/policy-target-support]&lt;br /&gt;
** jraim - Support for debug mode start in barbican [https://review.openstack.org/#/c/82265/], can be merged?&lt;br /&gt;
&lt;br /&gt;
== Meeting organizers ==&lt;br /&gt;
&lt;br /&gt;
* Publish the agenda 24h in advance&lt;br /&gt;
* Mail the agenda to the list and invite participants&lt;br /&gt;
* Ask each person responsible for an action from the previous meeting to prepare a line of the form, for each action item:   . #info nickname description of the action link to the diff / mailing list thread etc. describing the implementation of the action&lt;br /&gt;
* Use http://meetbot.debian.net/Manual.html to get an automatic summary&lt;br /&gt;
* Prepare an outline for the meeting to speed things up (see http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-05-10-16.00.log.html for an actual example)&lt;br /&gt;
* Record decisions and commitments; review in the next meeting&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=57328</id>
		<title>Barbican</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican&amp;diff=57328"/>
				<updated>2014-07-03T18:29:48Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added link to Juno midcycle meetup.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Barbican is a ReST API designed for the secure storage, provisioning and management of secrets. It is aimed at being useful for all environments, including large ephemeral Clouds. All documentation and work can be found on either Launchpad or Github at the following locations:&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/openstack/barbican Source Code]&lt;br /&gt;
* [https://launchpad.net/barbican Launchpad]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki Wiki]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process Contributing]&lt;br /&gt;
&lt;br /&gt;
== Core Team ==&lt;br /&gt;
&lt;br /&gt;
* [PTL] Jarret Raim (jraim)&lt;br /&gt;
* John Wood (woodster)&lt;br /&gt;
* Douglas Mendizabal (redrobot)&lt;br /&gt;
* Paul Kehrer (reaperhulk)&lt;br /&gt;
* John Vrbanac (jvrbanac)&lt;br /&gt;
* Steve Heyman (hockeynut)&lt;br /&gt;
* Chad Lung (chadlung)&lt;br /&gt;
* Steven Gonzales (codekobe)&lt;br /&gt;
* Donald Stufft (dstufft))&lt;br /&gt;
&lt;br /&gt;
== Resources ==&lt;br /&gt;
&lt;br /&gt;
{| border=&amp;quot;1&amp;quot; cellpadding=&amp;quot;2&amp;quot; cellspacing=&amp;quot;0&amp;quot;&lt;br /&gt;
|  Meetings&lt;br /&gt;
| [[Meetings/Barbican]] &lt;br /&gt;
|-&lt;br /&gt;
|  IRC &lt;br /&gt;
| #openstack-barbican on Freenode&lt;br /&gt;
|-&lt;br /&gt;
|  Milestones  &lt;br /&gt;
| https://launchpad.net/barbican/+milestones&lt;br /&gt;
|-&lt;br /&gt;
|  Incubation  &lt;br /&gt;
| [[Barbican/Incubation]] &lt;br /&gt;
|-&lt;br /&gt;
| Planning&lt;br /&gt;
| https://github.com/cloudkeep/barbican/issues?state=open&lt;br /&gt;
|-&lt;br /&gt;
| Mailing List&lt;br /&gt;
| [http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev OpenStack dev] list, prefix with [barbican]&lt;br /&gt;
|-&lt;br /&gt;
|  Bug tracker   &lt;br /&gt;
| https://bugs.launchpad.net/barbican&lt;br /&gt;
|- &lt;br /&gt;
| Blueprints&lt;br /&gt;
| [[Barbican/Blueprints]]&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
== Discussions / Etherpads ==&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-meetup Barbican Juno Midcycle Meetup]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-juno-roadmap Barbican Juno Roadmap]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-events Barbican Events (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-plugins Barbican Plugins (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-asym Barbican Asymmetric Support (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/barbican-kite Kite (Atlanta Summit 2014)]&lt;br /&gt;
* [https://etherpad.openstack.org/p/secret-store Secret Store (Atlanta Summit 2014)]&lt;br /&gt;
* [[Barbican/Certmonger]]&lt;br /&gt;
* [[Barbican/Discussion-Plugin-Design]]&lt;br /&gt;
&lt;br /&gt;
== Getting Started ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Barbican-Getting-Started-Guide Getting Started]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanDevStack Running Barbican via DevStack]&lt;br /&gt;
* [https://github.com/cloudkeep-ops/barbican-vagrant-zero/blob/master/README.md Setting up a local Barbican Cluster using Vagrant]&lt;br /&gt;
* [https://wiki.openstack.org/wiki/Barbican/Barbican-IDE-Debugging Barbican debugging with IDE]&lt;br /&gt;
&lt;br /&gt;
== Automation Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://wiki.openstack.org/wiki/BarbicanAutomation Barbican Automation (Chef)]&lt;br /&gt;
&lt;br /&gt;
== Technical Details ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Application-Programming-Interface API Documentation]&lt;br /&gt;
* [https://github.com/cloudkeep/barbican/wiki/Architecture Architecture]&lt;br /&gt;
&lt;br /&gt;
== Presentations ==&lt;br /&gt;
&lt;br /&gt;
* [http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/barbican-1-0-open-source-key-management-for-openstack Havanna Summit in Hong Kong], [https://speakerdeck.com/jraim/barbican-1-dot-0 Presentation]&lt;br /&gt;
* [http://www.openstack.org/summit/portland-2013/session-videos/presentation/cloud-keep-openstack-key-management-as-a-service Grizzly Summit in Portand], [https://speakerdeck.com/jraim/secret-as-a-service-barbican Presentation]&lt;br /&gt;
* [https://speakerdeck.com/jraim/cloudifying-key-management Cloudifying Key Management] from BSides Austin 2013&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=55040</id>
		<title>BarbicanDevStack</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=BarbicanDevStack&amp;diff=55040"/>
				<updated>2014-06-05T19:48:45Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added note about running DevStack from a dedicated VM.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Running Barbican via DevStack ==&lt;br /&gt;
&lt;br /&gt;
Steps to run Barbican via DevStack (assuming Ubuntu 12.04 LTS or Ubuntu 14.04 LTS):&lt;br /&gt;
&lt;br /&gt;
Note: Due to the amount of dependencies and configuration performed by the DevStack process, we suggest running DevStack from a dedicated/temporary virtual machine rather than your local workstation.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ sudo apt-get update&lt;br /&gt;
$ sudo apt-get install libffi-dev libssl-dev git -y&lt;br /&gt;
$ git clone https://github.com/openstack-dev/devstack.git&lt;br /&gt;
$ git clone https://github.com/openstack/barbican.git&lt;br /&gt;
$ mv barbican/contrib/devstack/lib/barbican devstack/lib/&lt;br /&gt;
$ mv barbican/contrib/devstack/local.conf devstack/&lt;br /&gt;
$ mv barbican/contrib/devstack/extras.d/70-barbican.sh devstack/extras.d/&lt;br /&gt;
$ sudo ./devstack/tools/create-stack-user.sh&lt;br /&gt;
$ sudo mv devstack/ /opt/stack/&lt;br /&gt;
$ rm -rf barbican/&lt;br /&gt;
$ chown -R stack:stack /opt/stack/devstack/&lt;br /&gt;
$ su - stack&lt;br /&gt;
$ cd /opt/stack/devstack/&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This next step will take a while to run but the end result is you should have Barbican running under DevStack:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./stack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
To shutdown Barbican (and it's dependent services) simply run this:&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
$ ./unstack.sh&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
'''Note:''' If you have issues (compute might be throwing some errors - assuming you've enabled compute because we don't by default in the local.conf) you can ease back the firewall. Keep in mind this opens your computer up completely. '''Only do this if you know what you are doing and if you are having issues'''. Adjust as needed.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;pre&amp;gt;&amp;lt;nowiki&amp;gt;&lt;br /&gt;
# Flush all firewall rules for DevStack&lt;br /&gt;
# (Only do this if you really know what you're doing and have problems running DevStack)&lt;br /&gt;
$ iptables -F&lt;br /&gt;
$ iptables -P INPUT ACCEPT&lt;br /&gt;
$ iptables -P FORWARD ACCEPT&lt;br /&gt;
$ iptables -P OUTPUT ACCEPT&lt;br /&gt;
&amp;lt;/nowiki&amp;gt;&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints&amp;diff=54324</id>
		<title>Barbican/Blueprints</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Blueprints&amp;diff=54324"/>
				<updated>2014-05-30T14:58:45Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added link to the barbican gerrit setup wiki page.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&lt;br /&gt;
== Blueprints ==&lt;br /&gt;
At the Juno design summit in Atlanta, Barbican decided to adopt a new process for creating and approving blueprints. This process is based on similar processes that many other teams have adopted for the Juno cycle. You can review the high level blueprinting process [https://wiki.openstack.org/wiki/Blueprints here]. We are reproducing the Nova process below so as to prevent any inadvertent changes to the Barbican process if Nova decides to update theirs, but the rest of the content on the page should be useful.&lt;br /&gt;
&lt;br /&gt;
=== Creating a Blueprint ===&lt;br /&gt;
Barbican has a team of people, led by the PTL, that are responsible for reviewing blueprints. That is the [https://launchpad.net/~barbican-core/+members#active barbican-core] team.&lt;br /&gt;
&lt;br /&gt;
To aid the reviewing of a blueprint by a team of people, the the design specifications related to each blueprint are reviewed in Gerrit, and stored in git, just like all the code:&lt;br /&gt;
http://git.openstack.org/cgit/stackforge/barbican-specs (TODO [JDR]:This still needs to be created).&lt;br /&gt;
&lt;br /&gt;
Starting with the Juno release, the process for getting your blueprint in Barbican is:&lt;br /&gt;
* Register your blueprint in launchpad (as normal)&lt;br /&gt;
* Upload a design specification in the &amp;quot;specs/&amp;lt;release&amp;gt;&amp;quot; folder in nova-specs&lt;br /&gt;
** e.g. http://git.openstack.org/cgit/stackforge/barbican-specs/tree/specs/juno/name-of-your-blueprint-in-launchpad&lt;br /&gt;
** it should be based on the [http://git.openstack.org/cgit/stackforge/barbican-specs/tree/specs/template.rst template], see the instructions in the template for more details&lt;br /&gt;
** get it reviewed by submitting your patch using Gerrit, in the usual way: [[Gerrit_Workflow]]&lt;br /&gt;
*** For new contributors, [https://github.com/cloudkeep/barbican/wiki/Gerrit-Review-Process this page] may also be helpful for setting up Gerrit locally.&lt;br /&gt;
** at the end of each release, non-completed specs will be removed&lt;br /&gt;
** you need to re-submit for the following release, should the blueprint slip&lt;br /&gt;
* Once your design specification has been committed to barbican-specs:&lt;br /&gt;
** Update your blueprint's specification URL to point to the design specification in barbican-specs&lt;br /&gt;
** Propose your blueprint, as above, by selecting the milestone in which you plan to complete the blueprint&lt;br /&gt;
* barbican-core will approve blueprint once:&lt;br /&gt;
** proposer has picked a target milestone, URL points to barbican-specs correctly, and code has been started&lt;br /&gt;
** barbican-specs check there is code in gerrit, such that they think the proposed target is achievable&lt;br /&gt;
** should blueprint slip to the next milestone, blueprint will be re-evaluated&lt;br /&gt;
* Now everything continues as it would with any other OpenStack project&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Current Launchpad blueprints for Barbican can be found [https://blueprints.launchpad.net/barbican here].&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51303</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51303"/>
				<updated>2014-05-05T21:14:52Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added emphasis to last line.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate order statuses at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
To implement the scheduled processes, Barbican could use the Nova approach, that uses oslo-incubator's ''periodic_tasks'' annotation on Service methods that should be scheduled. It uses Eventlet greenpools under the hood. Currently the worker servers extend olso's Service, so they are the logical place for the scheduled processes to reside as well. A concern here though is that for reliability, each of the multiple workers should be able to schedule tasks such as the SSL batch status task above. ''If these separate scheduled tasks are in turn enqueuing single-order update tasks, it would be possible for more than one worker to be processing the same order instance.''&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The source code for 'Barbican Core' is found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource. A similar approach could be used to discover plugin implementations.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51302</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51302"/>
				<updated>2014-05-05T21:12:56Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added last sentence about how the Heat approach could be used in barbican.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate order statuses at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
To implement the scheduled processes, Barbican could use the Nova approach, that uses oslo-incubator's ''periodic_tasks'' annotation on Service methods that should be scheduled. It uses Eventlet greenpools under the hood. Currently the worker servers extend olso's Service, so they are the logical place for the scheduled processes to reside as well. A concern here though is that for reliability, each of the multiple workers should be able to schedule tasks such as the SSL batch status task above. If these separate scheduled tasks are in turn enqueuing single-order update tasks, it would be possible for more than one worker to be processing the same order instance.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The source code for 'Barbican Core' is found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource. A similar approach could be used to discover plugin implementations.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51301</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51301"/>
				<updated>2014-05-05T21:11:54Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Add a blank line after figure&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate order statuses at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
To implement the scheduled processes, Barbican could use the Nova approach, that uses oslo-incubator's ''periodic_tasks'' annotation on Service methods that should be scheduled. It uses Eventlet greenpools under the hood. Currently the worker servers extend olso's Service, so they are the logical place for the scheduled processes to reside as well. A concern here though is that for reliability, each of the multiple workers should be able to schedule tasks such as the SSL batch status task above. If these separate scheduled tasks are in turn enqueuing single-order update tasks, it would be possible for more than one worker to be processing the same order instance.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The source code for 'Barbican Core' is found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51300</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51300"/>
				<updated>2014-05-05T21:11:36Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Add a blank line after figure&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate order statuses at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
To implement the scheduled processes, Barbican could use the Nova approach, that uses oslo-incubator's ''periodic_tasks'' annotation on Service methods that should be scheduled. It uses Eventlet greenpools under the hood. Currently the worker servers extend olso's Service, so they are the logical place for the scheduled processes to reside as well. A concern here though is that for reliability, each of the multiple workers should be able to schedule tasks such as the SSL batch status task above. If these separate scheduled tasks are in turn enqueuing single-order update tasks, it would be possible for more than one worker to be processing the same order instance.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The source code for 'Barbican Core' is found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51293</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51293"/>
				<updated>2014-05-05T20:56:28Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Minor wording changes.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate order statuses at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
To implement the scheduled processes, Barbican could use the Nova approach, that uses oslo-incubator's ''periodic_tasks'' annotation on Service methods that should be scheduled. It uses Eventlet greenpools under the hood. Currently the worker servers extend olso's Service, so they are the logical place for the scheduled processes to reside as well. A concern here though is that for reliability, each of the multiple workers should be able to schedule tasks such as the SSL batch status task above. If these separate scheduled tasks are in turn enqueuing single-order update tasks, it would be possible for more than one worker to be processing the same order instance.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The source code for 'Barbican Core' is found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51286</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51286"/>
				<updated>2014-05-05T20:47:36Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added implementation details per Nova.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate order statuses at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
To implement the scheduled processes, Barbican could use the Nova approach, that uses oslo-incubator's ''periodic_tasks'' annotation on Service methods that should be scheduled. It uses Eventlet greenpools under the hood. Currently the worker servers extend olso's Service, so they are the logical place for the scheduled processes to reside as well. A concern here though is that for reliability, each of the multiple workers should be able to schedule tasks such as the SSL batch status task above. If these separate scheduled tasks are in turn enqueuing single-order update tasks, it would be possible for more than one worker to be processing the same order instance.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The term 'Barbican Core' refers to code found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51099</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51099"/>
				<updated>2014-05-05T00:52:49Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added note about needed to validate many CSR inputs.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use. The same vendor plugin could be use to validate inputs (esp. for the many fields needed for a CSR) as well as for asynchronous worker-side order processing.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate orders at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The term 'Barbican Core' refers to code found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51095</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51095"/>
				<updated>2014-05-05T00:41:51Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added sych/async sentence in first paragraph.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. Plugins can be invoked via synchronous or asynchronous processes, such as for encryption/decryption/validation or for order processing, respectively. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate orders at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The term 'Barbican Core' refers to code found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	<entry>
		<id>https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51094</id>
		<title>Barbican/Discussion-Plugin-Design</title>
		<link rel="alternate" type="text/html" href="https://wiki.openstack.org/w/index.php?title=Barbican/Discussion-Plugin-Design&amp;diff=51094"/>
				<updated>2014-05-05T00:07:55Z</updated>
		
		<summary type="html">&lt;p&gt;Woodster: Added discovering 3rd party plugins section.&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Contents ==&lt;br /&gt;
&lt;br /&gt;
'''This wiki page is a work in progress, intended to get contributors thinking about how to manage Barbican plugins and workflows for the Juno effort and beyond.'''&lt;br /&gt;
&lt;br /&gt;
This page explores design concepts for Barbican plugin interfaces. Barbican currently uses plugins to interface with cryptographic resources such as hardware security modules (HSMs). This page also discusses how the plugin approach could accommodate the planned addition of SSL certificate generation and management to the ''orders'' resource.&lt;br /&gt;
&lt;br /&gt;
== Overview ==&lt;br /&gt;
&lt;br /&gt;
The following figure depicts a generic plugin dataflow within Barbican. Note the separation of 'core' Barbican functionality (available in the main Barbican repository and representing work done on behalf of plugins) from 'plugin' functionality to perform some type of work, which might include interaction with external services. The source code for these 'plugins' may or may not be available in the Barbican code base.&lt;br /&gt;
&lt;br /&gt;
[[File:general-plugin-flow.jpg|framed|center|Generic Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
Focusing on Barbican Core, a plugin must be selectable from more than one potential implementing plugin based on some criteria, such as first one to support a feature. Plugin selection is discussed in a later section. &lt;br /&gt;
&lt;br /&gt;
Barbican must then provide inputs to the plugin to do its work. If the plugin is stateful across multiple calls to the plugin, then Barbican should store this state on the plugin's behalf, keying this data to an flow instance such as a specific order process. Note that Barbican may also pass an 'inversion of control' (IoC) component into the plugin, which would allow the plugin to interact with Barbican services (such as event generation) without knowledge of how Barbican implements these services. &lt;br /&gt;
&lt;br /&gt;
When the plugin is invoked, the plugin performs its work, which may include interacting with an external service. For synchronous work flows (such as Barbican API processing), these service calls should be made as fast as possible since the response back to the client will be blocked until they complete. &lt;br /&gt;
&lt;br /&gt;
Once a plugin returns, Barbican Core can persist the results. State can also be persisted into the Barbican Core data store if required for follow on plugin calls (such as extended workflow processing of a given SSL certificate). Barbican Core could also support if a plugin needs to be called again on a scheduled basis.&lt;br /&gt;
&lt;br /&gt;
== Asynchronous Order Processing Plugins  ==&lt;br /&gt;
&lt;br /&gt;
The Overview section detailed Barbican plugin flows. This section adds more detail for asynchronous order process flows, especially for [[Barbican/Blueprints/ssl-certificates|SSL certification generation involving interacting with a certification authority (CA)]]. The following figure depicts asynchronous processing by the Barbican Core worker process, invoked via RPC calls from the oslo.messaging queue service.&lt;br /&gt;
&lt;br /&gt;
[[File:async-ssl-cert-plugin.jpg|framed|center|Asynchronous Order Processing Plugin Data Flow]]&lt;br /&gt;
&lt;br /&gt;
For SSL certification generation, more than one vendor plugin may be available such as for Dogtag or Symantec, hence the order's details should include which vendor to use for the selection criteria, or else Barbican should support specifying a default vendor/plugin to use.&lt;br /&gt;
&lt;br /&gt;
Barbican then retrieves any state associated with a given order instance, probably via order meta data information stored along with the order record. The plugin could define this status as key/value pairs for example. Since the same plugin may be called multiple times for the same order instance, this persisted state might include a state machine state name that directs which business logic to use within the vendor plugin. If the order instance needs to 'link' to an external system's order reference (such as for Symantec) this could be stored in the meta data as well (as determined by the plugin).&lt;br /&gt;
&lt;br /&gt;
Next Barbican Core must provide IoC components to allow plugins to perform system interaction (such as database updates and event notification) without them directly accessing these critical core components. As depicted in the figure, one IoC handler could present specific methods such as 'notify_ssl_cert_is_ready()' which are handled by Barbican Core as simple log messages for out-of-the-box deployments, or else as CADF messages sent via oslo incubator or Ceilometer for external systems to consume in deployment/company-specific ways. Another IoC handler could 'wrap' data model operations such as 'generate_private_key()' which Barbican Core would implement as a generate/encrypt/store operation in the crypto package. &lt;br /&gt;
&lt;br /&gt;
The order processing plugin can be invoked, perhaps routing flow based on the previous state information, such as for state machine processing for SSL certification processing. The plugin might respond with a status that the Barbican Core logic could use to determine what to do with the plugin next...for example, 'Done' might indicate order processing is completed, 'Continue' might mean persist plugin state with the order for a future plugin call (say via invoked scheduled batch update from the CA), and 'Retry' might mean call the plugin again at a future time to retry an operation.&lt;br /&gt;
&lt;br /&gt;
== Scheduled and Batch Processing ==&lt;br /&gt;
&lt;br /&gt;
The discussion so far has focused on synchronous and asynchronous invocation of plugins for a given workflow or order instance, but some processes might require batch processing across multiple instances. For example, SSL certification processing may involve requesting status from a CA on a scheduled basis. This status might be a batch of multiple SSL certificate orders at once, so Barbican would need to iterate through these order statuses and individually invoke plugin tasks for them. The plugin might provide a batch method that Barbican Core could invoke on a scheduled basis, with a callback function passed in that the plugin calls for each order instance seen in the batch. Barbican Core would implement the callback by enqueueing a plugin RPC task for a worker nodes to process.&lt;br /&gt;
&lt;br /&gt;
== Plugin Source Code Organization ==&lt;br /&gt;
&lt;br /&gt;
The term 'Barbican Core' refers to code found in the [https://github.com/stackforge/barbican stackforge/barbican repository] and includes logic supported the left hand side of the figures above, and an abstract base class defining the interactions to the plugins in the middle of the diagrams. Core should also always include simple example and standalone plugin implementations that are enabled out-of-the-box on local installations. They shouldn't require network access to function and demonstrate, should be well unit-tested and should provide a good example to developers of new plugins. &lt;br /&gt;
&lt;br /&gt;
Beyond these simple default plugins however, it is not as obvious how to manage specific plugin implementations' source code. On one hand it is convenient to bundle with Core source code for specific plugin implementations that are likely to be used for production Barbican installations. For example, Barbican Core does currently include PKCS11 and Dogtag based crypto plugins. On the other hand, these plugins usually have dependencies on libraries that are not part of the OpenStack global requirements, and therefore have to accommodate out-of-the-box deployments that don't have those dependencies installed. Hence thorough unit testing is more difficult (via patching) and code logic is a bit more complicated to deal with missing imports. &lt;br /&gt;
&lt;br /&gt;
Another option is to create separate git repositories for the plugin implementation source files, with a dependency on the Barbican Core source base such as to extend abstract plugin contracts. This approach would simplify the Barbican Core code base, but would require integrating multiple repositories for testing purposes. It would also require mechanisms to extend Barbican to include these external dependencies at package time. This is explored in the next section.&lt;br /&gt;
&lt;br /&gt;
== Discovering 3rd Party Plugins ==&lt;br /&gt;
&lt;br /&gt;
With the bundled crypto plugin implementations that Barbican Core includes now (such as PKCS11 and Dogtag), activating them for usage just requires including their dependencies in the deployed Python package or deployment, and then enabling them via configurations in the /etc/barbican/barbican-api.conf file. Stevedore provides the ability to load these plugins and then to select/use them at run time. &lt;br /&gt;
&lt;br /&gt;
For plugins developed outside of Barbican Core, Stevedore could still be used and in addition to installing non-OpenStack dependencies and adding configuration items to barbican-api.conf, would also require adding a setup.cfg file that defines the new plugin namespaces, aliases and classpaths. A new custom-deployment package could then be created and installed. &lt;br /&gt;
&lt;br /&gt;
Another option is to use a plugin module discovery process similar to the Heat project's Resource discovery. Heat defines a folder location that is searched for new Resources, in the form of Python source files that extend a base Resource.&lt;/div&gt;</summary>
		<author><name>Woodster</name></author>	</entry>

	</feed>