20:01:24 <redrobot> #startmeeting barbican
20:01:25 <openstack> Meeting started Mon Mar  9 20:01:24 2015 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:01:26 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:01:29 <openstack> The meeting name has been set to 'barbican'
20:01:52 <redrobot> #topic Roll Call
20:02:07 <elmiko> yo/
20:02:08 <SheenaG1> o/
20:02:15 <arunkant> o/
20:02:53 <reaperhulk> o/
20:03:13 <hockeynut> o/
20:03:16 <redrobot> not many barbicaneers here
20:03:26 <hockeynut> quality, not quantity?
20:03:29 <redrobot> I guess Daylight Savings Time messed up the meeting time for us
20:03:31 <elmiko> ;)
20:03:35 <SheenaG1> hockeynut: damn straight
20:03:38 <redrobot> hehe
20:03:47 <redrobot> as usual the agenda can be found here:
20:03:57 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican
20:04:08 <redrobot> #topic Review Action Items
20:04:18 <redrobot> #link http://eavesdrop.openstack.org/meetings/barbican/2015/barbican.2015-03-02-20.01.html
20:04:41 <redrobot> arunkant hi!  can you give an update on whether you think per-secret-policy can be completed by Kilo-3
20:05:10 <redrobot> since kilo-3 release is next week, we would ideally want the code to be up for review before the end of the week.
20:05:20 <igueths> o/
20:05:25 <chellygel> o/
20:05:25 <arunkant> redrobot: I have implemented functionality and in process of adding tests for new functionality. Review is available at https://review.openstack.org/#/c/161620/
20:05:53 <alee> o/
20:06:30 <redrobot> arunkant awesome... I'll keep an eye on that review.  If it looks like it might slip past Kilo-3 I might bump it to Liberty.
20:06:54 <redrobot> woodster is out on vacation this week, so i'll bump his action item to next week
20:06:54 <arunkant> redrobot, I will have basic test added by tomorrow..so it can be reviewed from tomorrow evening
20:07:07 <redrobot> #action woodster_ to reach out to Jarret about compliance concerns if we switch to hard deletes
20:07:37 <alee> arunkant, this is for per-secret?
20:07:38 <tkelsey> o/ sorry im late
20:07:46 <arunkant> alee, yes
20:07:48 <redrobot> and the last action item from last week was for me
20:07:55 <alee> excellent
20:08:38 <redrobot> and I was waiting to get some code landed into Castellan before adding it to global-req.  I think we may need a PyPI release before that too.  So I'll have to sync up with rellerreller to see what the progress is on that
20:08:56 <rellerreller> o/ I'm here
20:09:05 <rellerreller> Just got here a minute ago
20:09:07 <redrobot> oh hi rellerreller !
20:09:33 <rellerreller> You're looking for progress on Castellan?
20:09:48 <redrobot> rellerreller yeah, I was trying to herd some cats to get some of those outstanding CRs landed
20:10:01 <redrobot> rellerreller I want to make a PyPI release so that we can add Castellan to global-req
20:10:11 <rellerreller> There is only one left that I see.
20:10:41 <rellerreller> It was the one with "Fix Oslo Deprecation Warnings"
20:11:03 <rellerreller> I don't really know much about what this patch does, so I would need help on that one.
20:11:04 <redrobot> rellerreller is there anything else outstanding that you think would prevent us from doing a 0.0.1 release?
20:11:32 <rellerreller> I will double check with the team, but I can't think of anything at the moment.
20:11:34 <redrobot> rellerreller looks like it's just updating oslo incubator... I can ping rm_work about rebasing
20:11:50 <rellerreller> redrobot sounds good
20:12:02 <redrobot> #action redrobot and rellerreller to coordinate an initial release of Castellan so it can be added to global-requirements.
20:12:09 <rellerreller> redrobot what is oslo incubator?
20:12:57 <redrobot> rellerreller oslo "managed copy paste"...  it's where code lives before it gets released into a proper library.  Looks like the outstanding CR is trying to update some of the "managed copied code"
20:13:46 <redrobot> ok, that's it for action items from last week
20:13:55 <redrobot> #topic Kilo-3
20:13:57 <rellerreller> OK, that sounds good. I'll have to read more about that.
20:14:03 <redrobot> #link https://launchpad.net/barbican/+milestone/kilo-3
20:14:22 <redrobot> Kilo-3 release is just around the corner
20:14:55 <redrobot> So it would be good to get all the outstanding Blueprint code up for review this week.
20:15:22 <redrobot> if there's stuff that won't make it, it would be better to punt it to L sooner rather than later.
20:15:37 <redrobot> arunkant do you know if tsv has made progress in the quota blueprint?
20:16:12 <arunkant> redrobot, last I heard he is working on adding tests
20:16:28 <redrobot> arunkant awesome.  hopefully he can get a CR up this week.
20:17:04 <redrobot> alee any updates on Common Cert API?
20:17:53 <alee> redrobot, none so far.  I'll been pulled off doing pointer arithmetic for awhile.  I should be back on barbican work as of tomorrow though
20:18:05 <alee> redrobot, so I'll be able to make more progress
20:18:24 <redrobot> alee ok, awesome.  I'd really like to get that BP finished before Kilo-3
20:18:30 <alee> me too
20:18:46 <redrobot> rellerreller any updates on the content-types BP?
20:18:57 <rellerreller> Yes, the CR is up and ready for review
20:19:16 <rellerreller> https://review.openstack.org/#/c/160444/
20:19:37 <rellerreller> I noticed a few things while writing the CR.
20:19:42 <redrobot> rellerreller awesome!
20:19:52 <rellerreller> 1. All secrets should be returned in binary format. This is specified on the API page.
20:19:54 <redrobot> rellerreller good thins?
20:19:57 * redrobot crosses fingers
20:20:04 <rellerreller> 2. The Accept-Encoding header is not being used. I think this would be good to support in the future.
20:20:17 <rellerreller> That way you can have base64 or raw binary
20:20:26 <rellerreller> 3. Public and private keys were being generated in PEM format in simple crypto and being returned in that format for testing. kfarr and I fixed that and added a test to make sure that Barbican Core returns in binary format.
20:20:59 <rellerreller> There are a lot more tests now. I think this will help with standardizing the format and encodings.
20:21:17 <alee> rellerreller, how does that affect passphrase encoded private keys?
20:21:56 <rellerreller> It should not affect them.
20:22:11 <redrobot> I'm sure the client will need a lot of work though
20:22:33 <redrobot> rellerreller I went down the rabbit hole of trying to use the Accept-Encoding header for base64 before
20:22:38 <rellerreller> Essentially in simple crypto it generates the keys. If they are encrypted or not still a PKCS8 structure.
20:22:58 <alee> rellerreller, ok
20:23:11 <redrobot> rellerreller decided it would be better to do without it.  Ran into problems that I can't quite remember now.
20:23:40 <rellerreller> redrobot I think now that formats and encodings are standarized the accept encoding may not be too bad. I would like to put a CR up for that in the future. I'm curious what lessons learned you have.
20:24:44 <redrobot> rellerreller I'll have to think about it...  I recall having problems with postman, and also with the HTTP Server in front of Barbican wanting to own the Accept-Encoding header...
20:25:13 <rellerreller> redrobot Oh my goodness!
20:25:40 <redrobot> alee I'm assuming the Identify CA blueprint will be lower priority than the Common Cert one?
20:25:51 <bknudson> I don't think accept-encoding is meant to be used for binary vs base64 ... http://tools.ietf.org/html/rfc2616#section-14.3
20:25:56 <rellerreller> I had so much trouble with the Accept header. The Gerrit gate kept failing. It does not accept application/pkcs8 or application/pkix-cert as Accept type.
20:26:05 <alee> redrobot, yeah -
20:26:06 <bknudson> there are several accept-encodings defined.
20:26:43 <bknudson> tranfer using base64 or binary would be content-type.
20:26:59 <bknudson> or accept coming from the client.
20:27:11 <redrobot> base64 is not a content-type
20:27:56 <redrobot> and RFC 2616 is obsolete now :)
20:28:26 <redrobot> base64 is defined for Content-Transfer-Encoding or something like that... it's definitely worth investigating
20:29:04 <redrobot> rellerreller I saw you added asymmetric key support to K-3
20:29:12 <redrobot> rellerreller do you think you can have a CR ready for review this week?
20:29:19 <rellerreller> redrobot That is our goal
20:29:59 <redrobot> rellerreller awesome!
20:30:05 <rellerreller> redrobot It should not be much code, but we need to test PyKMIP with hardware to verify this works.
20:30:12 <redrobot> ok, that's all I have for Kilo-3
20:30:22 <redrobot> any questions/comments about Kilo-3?
20:32:06 <redrobot> ok, that's all I have on the agenda for today
20:32:12 <redrobot> #topic Open Discussion
20:32:34 <redrobot> Any questions/comments/topics not on the agenda?
20:33:41 <redrobot> Bueller?
20:33:52 <reaperhulk> We all left already
20:34:17 <redrobot> haha, ok then, I guess we can call it an early meeting
20:34:23 <redrobot> thanks everyone for coming!
20:34:27 <redrobot> #endmeeting