18:57:47 <jraim> #startmeeting barbican
18:57:48 <openstack> Meeting started Mon Mar 10 18:57:47 2014 UTC and is due to finish in 60 minutes.  The chair is jraim. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:57:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:57:51 <openstack> The meeting name has been set to 'barbican'
18:57:56 <jraim> hi all
18:58:03 <jraim> who is here for the barbican meeting?
18:58:05 <jvrbanac> o/
18:58:49 <jraim> ha, okay...let's give people some time to get in :)
18:58:57 <dstufft> o/
18:59:00 <lisaclark> o/
18:59:01 <woodster2> o/
18:59:02 <chadlung> 0/
18:59:09 <jvrbanac> there we go
18:59:12 <jvrbanac> :)
18:59:47 <jraim> everyone shows up at once
19:00:01 <jraim> chadlung: has a large head for some reason
19:00:12 <jraim> 0/ o/
19:00:28 <chadlung> I was abducted by greys, they increased my brain power ;-)
19:00:54 <jraim> hgedikli_: hgedikli atiwari
19:00:56 <jraim> you guys around
19:01:02 <hgedikli> yes
19:01:14 <atiwari> yes
19:01:18 <jraim> okay, this is probably the crew for today
19:01:25 <jraim> so a quick update on our incubation
19:01:40 <jraim> we have gotten the necessary votes to get incubated
19:01:40 <jraim> https://review.openstack.org/#/c/77647/
19:01:44 <jraim> yay us!
19:01:53 <hgedikli> awesome!!!
19:01:59 <jraim> so we just need to wait for ttx to get back from vacation to merge it
19:02:03 <lisaclark> woohoo!  go barbicaneers!
19:02:12 <jraim> unless he is paying attention for some reason and wants to do it now :)
19:02:29 <jraim> there might be a small discussion about barbican at the TC meeting tomorrow, but we should be good to go
19:02:41 <jraim> the only major tasks for us right now are:
19:02:47 <jraim> * Tempest testing in the gate
19:02:57 <jraim> * KDS / Kite integration (e.g. moving them over from keystone)
19:03:11 <jraim> * Moving to Pecan / WSME if it is decided it is a standard
19:03:23 <jraim> so not too much at the moment
19:03:31 <jraim> as we are waiting to see what the deal is for Pecan
19:03:54 <jraim> so that's my update, what else do we want to talk about
19:04:07 <chadlung> I think Vrbanac and I have figured out the Tempest issues (which is a uWSGI thing)
19:04:35 <jraim> hgedikli: I saw the docs that you put up for containers...we'll take a look at those
19:04:38 <jraim> chadlung: oh good
19:04:40 <jvrbanac> chadlung, agreed. We just need to merge in our changes for uwsgi
19:04:45 <hgedikli> jraim : is there any work on your side about certs or dogtag integration?
19:04:50 <chadlung> Would be a small modification to the DevStack script (Barbican repo) and then adding back Vrbanac's code
19:05:05 <jraim> hgedikli: we are working on extending the orders api to allow for ssl
19:05:19 <jraim> and I've seen the work that alee did for dogtag
19:05:34 <jraim> I think the next step on that is for them to build the plugin, which seems like it will be pretty easy
19:06:07 <jraim> we still have the key wrapping work on our plate
19:06:11 <hgedikli> build the plugin for dogtag?
19:06:14 <jraim> but that hasn't been started yet
19:06:15 <jraim> yes
19:06:24 <jraim> so there is a python lib to talk with dogtag now
19:06:35 <atiwari> jraim, no rush but looking for your feedback on link:https://etherpad.openstack.org/p/secret-isolation-at-user-level too
19:06:53 <jraim> to finish integrating it into barbican, we just need to implement the plugin api in barbican so that it uses that lib
19:06:53 <atiwari> based on some agreement I have to start some POC
19:07:07 <hgedikli> do we have a generic interface defined for certs? something like i was thinking we can implement and each plugin would implement the same interface and they would know how to talk to dogtag, or openssl or something else
19:07:09 <jraim> atiwari: great, I'll take another look
19:07:36 <jraim> hgedikli: I think the current plan is to extend orders to accept an order for an SSL cert
19:07:40 <jraim> that is generic
19:07:58 <jraim> based on the type of cert requested, barbican will route that request to the correct plugin for fulfillment
19:08:10 <hgedikli> i see
19:08:33 <jraim> so if you ask for a cert from a public CA, you'll get symantec, but an internal CA would get routed to dogtag, etc.
19:08:41 <jraim> someone correct me if I'm wrong about that
19:08:49 <chadlung> jraim: that sounds correct
19:09:07 <jraim> I don't think we've documented the json yet, but I think that would be the next step
19:09:26 <atiwari> hgedikli this is how API wd look link:https://gist.github.com/jfwood/9080109
19:09:28 <jraim> throw up what an order for SSL would look like in an etherpad or whatever and we can all take a swing at it
19:09:29 <atiwari> for cert
19:09:57 <jraim> oh right, forgot that was up
19:10:04 <jraim> so we need to vet that a bit and polish it
19:10:06 <hgedikli> atiwari : for cert it's TBD
19:10:15 <chadlung> jraim: we are planning to flush out more of the flow, etc and then put it up for public review
19:10:22 <jraim> chadlung: cool
19:10:25 <hgedikli> ok sounds good
19:10:25 <atiwari> correct , cert is in phase 2
19:10:41 <atiwari> mentioned in https://blueprints.launchpad.net/barbican/+spec/api-orders-add-more-types
19:10:47 <hgedikli> i'll be working on the event/notification part
19:11:33 <jraim> hgedikli: great
19:11:42 <jraim> do you have a BP up for that yet?
19:11:54 <jraim> we're interested in using the notifications for out of barbican processes like billing for ssl certs
19:12:01 <hgedikli> not yet. hopefully i'll have it up this week
19:12:03 <jraim> so we've got some thoughts on that one too
19:12:04 <jraim> great
19:12:16 <hgedikli> ok
19:12:26 <atiwari> hgedikli, keystone has done some work on event notification. you may want to sync with it
19:12:39 <hgedikli> atiwari : will take a look. thx
19:13:09 <jraim> cool - anything else we want to talk about on the record before heading back to #openstack-barbican?
19:13:24 <hgedikli> one more thing
19:13:27 <jraim> go for it
19:13:48 <hgedikli> do we need to support updates to containers now?
19:14:01 <hgedikli> what's the priority on that?
19:14:01 <jraim> hgedikli: I think the plan was for them to be immutable
19:14:25 <hgedikli> jraim : it was a temporary solution - we decided to support updates eventually
19:14:57 <jraim> okay - I don't have a read on how important that is
19:15:00 <jraim> what do we need it for?
19:15:51 <hgedikli> one use case i see is that if u create a container with only your public key, and later want to add ur private key or passphrase, right now it's not possible
19:16:09 <hgedikli> atiwari : do you need this functionality on your part?
19:16:17 <jraim> right, you would need to create a new container with both
19:16:35 <hgedikli> ok
19:16:48 <atiwari> hgedikli, what mutable container?
19:17:32 <hgedikli> yes
19:17:43 <atiwari> hgedikli, if you are asking for update container, then no
19:17:56 <atiwari> I wd go with delete
19:17:56 <hgedikli> ok sounds good. we'll leave it immutable then
19:18:01 <atiwari> ok
19:18:05 <jraim> great
19:18:08 <jraim> anything else we should cover?
19:18:18 <atiwari> not from muside
19:18:34 <atiwari> my side
19:18:51 <jraim> cool - back to #openstack-barbican
19:18:52 <jraim> thanks all
19:18:55 <jraim> #endmeeting