Difference between revisions of "Meetings/KeystoneMeeting"
< Meetings
(→Main Agenda) |
DavidStanek (talk | contribs) (→Main Agenda) |
||
Line 24: | Line 24: | ||
** HTTP caching support | ** HTTP caching support | ||
*** client -> https://review.openstack.org/#/c/211396/ | *** client -> https://review.openstack.org/#/c/211396/ | ||
+ | *** server -> https://review.openstack.org/#/c/211693/ | ||
+ | *** result -> http://paste.openstack.org/raw/412596/ | ||
+ | *** Spec is next step | ||
** X.509 Tokenless Authz needs a verdict <code>(gyee)</code> | ** X.509 Tokenless Authz needs a verdict <code>(gyee)</code> | ||
*** "You have that luxury. You have the luxury of not knowing what I know. That service user account's death, while tragic, probably saved lives. And X.509 tokenless authz's existence, while grotesque and incomprehensible to you, saves lives. You don't want the truth because deep down in places you don't talk about at parties, you want it on your next deployment, you need it on your next deployment." -- gyee's motivational speech, paraphrasing Col. Jessep (A Few Good Men) | *** "You have that luxury. You have the luxury of not knowing what I know. That service user account's death, while tragic, probably saved lives. And X.509 tokenless authz's existence, while grotesque and incomprehensible to you, saves lives. You don't want the truth because deep down in places you don't talk about at parties, you want it on your next deployment, you need it on your next deployment." -- gyee's motivational speech, paraphrasing Col. Jessep (A Few Good Men) |
Revision as of 18:00, 11 August 2015
Contents
Weekly Keystone team meeting
If you're interested in identity, authentication, authorization, and/or policy for OpenStack, we hold public meetings weekly on IRC in #openstack-meeting
, on Tuesdays at 18:00 UTC. Please feel free to add items to the agenda below with your name and we'll cover them.
Regular attendees
Add yourself to this list to be pinged prior to each meeting:
ajayaa, amakarov, ayoung, breton, browne, davechen, david8hu, dolphm, dstanek, ericksonsantos, geoffarnold, gyee, henrynash, hogepodge, htruta, jamielennox, joesavak, lbragstad, lhcheng, marekd, morganfainberg, nkinder, raildo, rharwood, rodrigods, roxanaghe, samueldmq, stevemar, topol, wanghong
Agenda for next meeting
Main Agenda
Please add agenda items to the bottom of this section's list (be sure to include your irc_handle
!).
- 2015-08-11
- Centralized Policies Distribution
(ayoung, samueldmq)
- Operators Feedback (https://www.mail-archive.com/openstack-operators@lists.openstack.org/msg02805.html)
- SFE decision (https://www.mail-archive.com/openstack-dev@lists.openstack.org/msg57416.html)
- Spec/code review (https://review.openstack.org/#/q/status:open+branch:master+topic:bp/dynamic-policies-delivery,n,z)
- Raising an exception if no domain specified on user/group/project create
(henrynash)
- https://bugs.launchpad.net/keystone/+bug/1482330 with the proposed https://review.openstack.org/#/c/209848/
- Question is whether this is OK to just do...or should we have a cycle of given a deprecate warning for this undocumented use of default domain
- HTTP caching support
- client -> https://review.openstack.org/#/c/211396/
- server -> https://review.openstack.org/#/c/211693/
- result -> http://paste.openstack.org/raw/412596/
- Spec is next step
- X.509 Tokenless Authz needs a verdict
(gyee)
- "You have that luxury. You have the luxury of not knowing what I know. That service user account's death, while tragic, probably saved lives. And X.509 tokenless authz's existence, while grotesque and incomprehensible to you, saves lives. You don't want the truth because deep down in places you don't talk about at parties, you want it on your next deployment, you need it on your next deployment." -- gyee's motivational speech, paraphrasing Col. Jessep (A Few Good Men)
- https://review.openstack.org/#/c/156870/
- Client-side implementation
(breton)
- Bug 1482701 - Federation: user's name in rules not respected
(lbragstad, marekd)
- Bug Report: https://bugs.launchpad.net/keystone/+bug/1482701
- Reproducible with both UUID token and Fernet token formats
- Fix for UUID token provider: https://review.openstack.org/#/c/211093/
- Need to determine if we are OK with sticking the username as well as the user ID in the Fernet token format for scoped tokens. One workaround, as discussed with odyssey4me on IRC, is to ensure the user name and the user IDs are the same (http://goo.gl/uh6XZq). Other wise, we need a way to ensure the user name is persisted in the case of the Fernet token, which would probably be adding it to the existing token formats (https://goo.gl/u4c8j5).
- Centralized Policies Distribution
Review of Keystone Blueprints for No-Spec Requires Status
Please add BPs to the bottom of this sections list that should be reviewed as not requiring a spec (include your irc_handle
!).
Keystone Weekly Bug Reports
Bugs for the various Keystone repositories are collects and published to the following links. (lbragstad
)
Previous meetings
Logs and meeting summaries of previous meetings are located here.