opendevreview | Yusuke Niimi proposed openstack/keystone master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystone/+/830739 | 09:10 |
---|---|---|
*** dviroel|out is now known as dviroel | 11:22 | |
*** dasm|off is now known as dasm | 14:31 | |
dmendiza[m] | #startmeeting keystone | 15:04 |
opendevmeet | Meeting started Tue Jun 14 15:04:18 2022 UTC and is due to finish in 60 minutes. The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:04 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:04 |
opendevmeet | The meeting name has been set to 'keystone' | 15:04 |
dmendiza[m] | #topic Roll Call | 15:04 |
dmendiza[m] | Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek | 15:05 |
xek | o/ | 15:05 |
h_asahina | o/ | 15:05 |
knikolla | o/ | 15:05 |
dmendiza[m] | Hi y'all! | 15:05 |
dmendiza[m] | Let's get started | 15:06 |
dmendiza[m] | #topic Review Last Meeting Action Items | 15:06 |
dmendiza[m] | #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-05-31-15.00.html | 15:06 |
dmendiza[m] | There were a few | 15:07 |
dmendiza[m] | > d34dh0r53 talk to dmendiza[m] about next weeks meeting | 15:07 |
dmendiza[m] | I assume this was about whether or not we were going to meet last week | 15:07 |
dmendiza[m] | So, no. :) | 15:07 |
dmendiza[m] | With most folks at the summit, I figured we'd skip the meeting. | 15:07 |
dmendiza[m] | > d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst | 15:08 |
dmendiza[m] | I probably should've looked at meeting logs | 15:09 |
dmendiza[m] | so I just learned about this. | 15:09 |
dmendiza[m] | We'll add it to the agenda to review specs | 15:10 |
dmendiza[m] | > d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364 | 15:10 |
knikolla | i've cleared up a lot from my calendar today so i can catch up on reviews :/ | 15:11 |
dmendiza[m] | Cool | 15:15 |
dmendiza[m] | I'll add this spec to the spec reviews as well | 15:16 |
dmendiza[m] | and the last action item | 15:17 |
dmendiza[m] | > d34dh0r53 ask dmendiza[m] about this bandit line in the agenda | 15:17 |
dmendiza[m] | > bandit seems to be broken, cannot build keystone from git | 15:17 |
dmendiza[m] | I think that's what d34dh0r53 was talking about | 15:18 |
dmendiza[m] | I think admiyo was talking about not being able to run bandit from a fresh clone | 15:18 |
dmendiza[m] | I can try to do that and see how it goes | 15:19 |
dmendiza[m] | #action dmendiza[m] to try to run keystone from a fresh clone | 15:19 |
dmendiza[m] | #topic Liaison Updates | 15:19 |
dmendiza[m] | I don't have any | 15:19 |
dmendiza[m] | #topic Summit Recap | 15:20 |
dmendiza[m] | I unfortunately had to cancel my trip to the Summit | 15:20 |
dmendiza[m] | Anyone make it to Berlin and want to give a quick recap? | 15:26 |
dmendiza[m] | I'll take that as a no | 15:29 |
dmendiza[m] | moving on ... | 15:29 |
dmendiza[m] | #topic OAuth 2.0 | 15:29 |
dmendiza[m] | Looks like we still need lots of reviews | 15:29 |
dmendiza[m] | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:29 |
dmendiza[m] | Also a new spec | 15:30 |
dmendiza[m] | #link https://review.opendev.org/c/openstack/keystone-specs/+/843765 | 15:30 |
dmendiza[m] | h_asahina: did you want to talk about these | 15:30 |
h_asahina | yes | 15:30 |
h_asahina | I put the brief explanation on the agenda on 31st May. | 15:31 |
h_asahina | As I wrote there, I've submitted the spec and I've changed the contents from the BP I submitted before. | 15:31 |
h_asahina | https://blueprints.launchpad.net/keystone/+spec/enhance-oauth2-interoperability | 15:31 |
h_asahina | The reason behind this change is the recent update of ETSI NFV SOL013. | 15:32 |
h_asahina | Like I said before, I came from OpenStack Tacker, which is aiming at implementing the ETSI NFV standard, | 15:33 |
h_asahina | and the latest version of that standard forces NFV components like Tacker to implement mutual TLS | 15:33 |
dmendiza[m] | I haven't had a chance to read the spec, but I think mtls would be a good addition | 15:34 |
h_asahina | I'm glad to hear that | 15:35 |
h_asahina | So, I proposed mutual TLS in the spec | 15:35 |
h_asahina | but the detailed implementation is not clear in the standard, like whether or not we should implement mutual-TLS OAuth2.0 or just mutual-TLS. So, we're confirming it with the standard organization now. | 15:36 |
h_asahina | Therefore, we might omit some work items listed in the spec, but we won't add additional items. | 15:37 |
h_asahina | I wrote kind of the maximum work items we can imagine. So please kindly review it and hopefully give us your feedback. | 15:38 |
h_asahina | and I'd like to note that as dmendiza said mutual-TLS will not ruin the security of Keystone. | 15:40 |
dmendiza[m] | thanks h_asahina | 15:40 |
dmendiza[m] | Hopefully we'll get back to reviewathons this week | 15:41 |
dmendiza[m] | and we'll look at the specs | 15:41 |
h_asahina | great. thanks. | 15:41 |
dmendiza[m] | #topic Secure RBAC | 15:41 |
dmendiza[m] | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:41 |
dmendiza[m] | Ok, took me a second to find the link I needed | 15:47 |
dmendiza[m] | #link https://review.opendev.org/c/openstack/keystone-specs/+/818603 | 15:47 |
dmendiza[m] | looks like the spec is merged | 15:47 |
dmendiza[m] | The review needs some TLC | 15:48 |
dmendiza[m] | #link https://review.opendev.org/c/openstack/keystone/+/822601 | 15:48 |
dmendiza[m] | We'll try to get to those for reviewathon | 15:50 |
dmendiza[m] | I haven't had a chance to look into what I missed for the Summit with regards to SRBAC | 15:50 |
dmendiza[m] | Hopefully not to much | 15:51 |
dmendiza[m] | *too much | 15:51 |
dmendiza[m] | Moving on ... | 15:51 |
dmendiza[m] | #topic Gate inherited assignments from parent (bbobrov) | 15:51 |
dmendiza[m] | #link https://review.opendev.org/c/openstack/keystone-specs/+/334364 | 15:51 |
dmendiza[m] | We should probably review this at reviewathon also | 15:51 |
*** dviroel is now known as dviroel|lunch | 15:58 | |
dmendiza[m] | Aaand we're out of time. | 16:01 |
dmendiza[m] | See y'all Friday for the reviewathon. | 16:02 |
dmendiza[m] | #endmeeting | 16:02 |
opendevmeet | Meeting ended Tue Jun 14 16:02:11 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:02 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-06-14-15.04.html | 16:02 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-06-14-15.04.txt | 16:02 |
opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-06-14-15.04.log.html | 16:02 |
*** dviroel|lunch is now known as dviroel | 17:17 | |
*** dviroel is now known as dviroel|afk | 20:46 | |
*** dasm is now known as dasm|off | 21:02 |