19:56:57 <jraim> #startmeeting barbican 19:56:58 <openstack> Meeting started Mon Feb 24 19:56:57 2014 UTC and is due to finish in 60 minutes. The chair is jraim. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:57:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 19:57:02 <openstack> The meeting name has been set to 'barbican' 19:57:16 <jraim> alright, who all is around for the barbican meeting? 19:57:23 <hgedikli> i'm here 19:57:24 <redrobot> o/ 19:57:28 <reaperhulk> o/ 19:57:46 <SheenaG___> o/ 19:58:01 <chadlung> o/ 19:58:07 <jraim> cool, let's give people a couple of minutes and we'll get started 19:58:28 <jvrbanac> o/ 19:59:59 <jraim> ok, it' 20:00:05 <jraim> s five after 20:00:09 <jraim> I think we can get rolling 20:00:14 <woodster1> o/ 20:00:22 <reaperhulk> five after? What clock are you using. 20:00:25 <reaperhulk> it's exactly 2pm 20:00:36 <jraim> really, my machine is saying 2:05 20:00:39 <jraim> weird 20:00:43 <jraim> okay, I'll wait then :) 20:00:45 <reaperhulk> Time to go ask about internal NTP :D 20:01:07 <jraim> we probably just filtered it 20:02:29 <redrobot> #action jraim will check his clock 20:02:50 <atiwari> jraim, any update on RSA/access key generation 20:03:00 <atiwari> like link https://etherpad.openstack.org/p/create-multi-part-rsa-secrets-with-order? 20:03:07 <jraim> wow, I'm still getting network errors 20:03:14 <atiwari> this the mu proposal 20:03:22 <atiwari> my 20:05:00 <reaperhulk> Okay jraim is having technical difficulties so the terrible burden of running this meeting now falls to me 20:05:14 <reaperhulk> Item the first! Barbican incubation status 20:05:28 <redrobot> #topic incubation status 20:05:29 <reaperhulk> chadlung, could you just give us a quick summary of what has happened since last week? 20:05:37 <reaperhulk> Thank you robot minion 20:06:03 <chadlung> WE have two PRs open for DevStack #link https://review.openstack.org/#/c/74530/ #link https://review.openstack.org/#/c/70512/ 20:06:29 <chadlung> Both have been reviewed, not sure which will be merged first 20:07:03 <reaperhulk> I believe jraim is following up with the TC as well to make sure there's nothing else that has come up in the meantime. Is anyone aware of outstanding work remaining or are we just waiting now? 20:07:21 <chadlung> We are just waiting and have been for a while. 20:07:43 <chadlung> Modifications to the one PR were done this past Friday, the other PR has been in there for a few weeks now 20:08:17 <reaperhulk> Just in time jraim_argh, we got a status update from chadlung on devstack/incubation stuff and our understanding is that we have no blockers on our end 20:08:33 <jraim_argh> right, I think we just need to pink #infra to merge the change 20:08:39 <jraim_argh> and we should be good to go 20:09:49 <reaperhulk> Topic 2: RSA/key gen blueprints. atiwari has put up some thoughts and the rackspace team met late last week to talk a bit about it and put together some additional ideas. I believe that will be put up as a blueprint soon: woodster1, do you know when that might be ready? 20:10:11 <woodster1> I can put that up later today 20:10:57 <reaperhulk> atiwari, if that's up later today then we can use that to guide the conversation tomorrow/later this week and make sure we've covered your use cases. Does that sound fair? 20:11:28 <atiwari> sure, this is kind of p0 for me. sooner the better 20:11:30 <atiwari> :) 20:12:21 <redrobot> #action woodster1 to upload rsa keygen blueprint 20:12:51 <atiwari> one more thing I would like to bring here which I have added in #link https://blueprints.launchpad.net/barbican/+spec/secret-isolation-at-user-level 20:13:05 <atiwari> and wanted to know what you guys think about it 20:13:41 <atiwari> thoughts? 20:14:05 <jraim_argh> atiwari I'm fine with starting this conversation. As long as the auth/auth stays with keystone, I don't see an inherent problem 20:14:17 <jraim_argh> we all want to be able to limit keys more than project/tenant 20:14:33 <jraim_argh> for lots of reasons including agents 20:14:41 <jraim_argh> so let's start talking about how to do that 20:14:51 <atiwari> yes, jraim auth will be in keystone and authz will done by oslo policy 20:15:04 <atiwari> great 20:15:15 <atiwari> I will add my proposal in the bp 20:15:23 <atiwari> sounds OK? 20:15:43 <reaperhulk> Yep, I'm definitely interested in any proposal that involves leveraging existing openstack authn/authz to add user level RBAC for us :) 20:15:43 <jraim_argh> yep, toss it up and we can start talking about it 20:16:00 <woodster1> agreed 20:16:08 <atiwari> awesome 20:16:24 <reaperhulk> Any other business? 20:16:27 <atiwari> are you guys are OK with API change to address this ? 20:17:06 <atiwari> or rather let me add an etherpad with my proposals 20:17:06 <jraim_argh> that's part of the conversation. I'd rather avoid anything breaking, but additional api options seems like it would be okay 20:17:18 <atiwari> ok 20:18:33 <jraim_argh> perfect 20:21:16 <jraim_argh> alright, I might be missing more stuff, but anyone have anything else? 20:21:25 <atiwari> not from my side 20:21:55 <jraim_argh> alright, let's move back to #barbican 20:22:11 <jraim> #endmeeting