20:00:26 <redrobot> #startmeeting barbican
20:00:27 <openstack> Meeting started Mon Jun 27 20:00:26 2016 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:00:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:00:31 <openstack> The meeting name has been set to 'barbican'
20:00:37 <redrobot> #topic Roll Call
20:00:46 <diazjf> o/
20:00:47 <jmckind_> o/
20:00:49 <panatl> o/
20:01:29 <kfarr> o/
20:01:54 <redrobot> Not a whole lot of barbicaneers here today...
20:01:58 <arunkant> o/
20:02:04 <redrobot> no matter we'll have an awesome meeting anyway!
20:02:32 <redrobot> As usual the agenda can be found here:
20:02:44 <redrobot> #link https://wiki.openstack.org/wiki/Meetings/Barbican#Agenda
20:02:52 <redrobot> and as usual... there's nothing there. :-P
20:03:00 <redrobot> we can make it up as we go...
20:03:10 <redrobot> #topic Mid-Cycle
20:03:15 <redrobot> diazjf do you have news for us?
20:03:25 <diazjf> redrobot, yessir
20:03:51 <diazjf> So I was able to secure a room for August 15 - 19
20:04:03 <diazjf> Only 17 people registered so far
20:04:06 <diazjf> https://etherpad.openstack.org/p/barbican-security-midcycle-N
20:04:19 <redrobot> diazjf sweet!
20:04:28 <redrobot> diazjf do you want to announce it on the mailing list?
20:04:48 <diazjf> No funding available for food :(. Still waiting on Rob for that
20:05:16 <redrobot> diazjf ok, I'll ask and see if maybe Rackspace can pick up breakfast/lunch on a day or two
20:05:30 <diazjf> I'll ping you later this week, to make sure its all good before I announce it :)
20:05:38 <redrobot> diazjf sounds good
20:05:41 <diazjf> I'll fund some donuts :)
20:06:02 <redrobot> #info Mid-cycle may be happening on August 15-19
20:06:11 <redrobot> #action diazjf to announce mid-cycle on ML later this week
20:06:14 <diazjf> and I'll attend the security meeting to let them know as well
20:06:23 <redrobot> any other topics we need to talk about?
20:06:32 <redrobot> or reviews needing reviewing?
20:06:47 <kfarr> How certain are those dates and times for the mid-cycle?
20:06:48 <diazjf> We can talk about presentations
20:07:03 <kfarr> For example, would it be pretty safe to buy a plane ticket at this point?
20:07:18 <kfarr> Or would it be safer to wait?
20:07:31 <diazjf> kfarr, safer to wait until next week
20:07:47 <kfarr> diazjf, ok thanks
20:07:59 <diazjf> I'm in Miami now, but will be in Austin next week to final finalize. So far they said confirmed but I wanna make sure 100%
20:08:38 <redrobot> word
20:08:41 <woodster_> o/
20:08:55 * redrobot waves at woodster_ did you come bearing topics?
20:09:11 * woodster_ alas no, sorry
20:09:56 <arunkant> redrobot: Can you review multiple backend https://review.openstack.org/#/c/263972/ . I have tried to address your review comments on it. Will like to have approval before start impl in 2 weeks.
20:10:10 <redrobot> arunkant will do
20:10:34 <arunkant> redrobot: thx
20:10:54 <woodster_> arunkant: I need to refresh myself on that one too
20:13:17 <arunkant> woodster_ ..okay ..will be good to have design aspect/comments ironed out before start impl on it.
20:13:23 <redrobot> I guess we're all on top of everything, and there's not much to discuss... ;)
20:15:10 <redrobot> we can hang out for a couple more minutes, I guess, and then we can get a lot of time back
20:16:45 <arunkant> redrobot: is rackspace using fernet token ? Any thoughts on using barbican as key manager for manging keys needed for fernet token ?
20:17:20 <redrobot> #topic Fernet Tokens
20:17:43 <redrobot> arunkant I'm not sure if we're using fernet tokens or not?  I can ask the folks on the identity team though.
20:18:22 <redrobot> arunkant It's a weird chicken+egg problem for keystone to use barbican since we depend on them for access control
20:18:23 <lbragstad> redrobot arunkant rackspace uses the same concept of a non-persistent token, but it's not the exact fernet implementation
20:18:28 <arunkant> there was discussion in morning with diazjf ..to find out if there are use-cases in leveraging barbican or castellan as key manager
20:19:03 <diazjf> arunkant, and a few others an I are experimenting with the possibility of fernet keys stored in barbican.
20:19:04 <redrobot> lbragstad thanks!
20:19:14 <lbragstad> redrobot no problem!
20:19:41 <redrobot> diazjf arunkant fernet keys in general or fernet keys for keystone to use when issuing fernet tokens?
20:20:10 <arunkant> redrobot: for that..there was thought of using cert based authentication and barbican server can act as trusted client with known CN for keystone authentication
20:20:40 <diazjf> redrobot, so the barbican will be responsible for generation and storage of fernet keys
20:22:31 <lbragstad> i proposed a spec to keystone's backlog after visiting with an operator at the summit - https://github.com/openstack/keystone-specs/blob/master/specs/keystone/backlog/fernet-key-store.rst
20:24:50 <arunkant> lbragstad : I think gyee mentioned about same spec and we are trying to see what are the use-cases for using keymanager backend .
20:25:17 <lbragstad> arunkant cool
20:27:58 <redrobot> I'll read up on that spec lbragstad linked
20:28:18 <redrobot> I don't see why someone couldn't write a barbican spec for the barbican bits needed to generate fernet tokens
20:28:46 <gyee> if a spec is what you seek, you shall get :-)
20:29:24 <diazjf> :) :) :) :)
20:30:24 <redrobot> anything else on this topic or any other topics?
20:31:28 <arunkant> none from my side
20:33:27 <redrobot> cool beans, let's call it a day then
20:33:34 <redrobot> thanks everyone for coming!
20:33:57 <redrobot> oh before I forget
20:34:09 <redrobot> #info no meeting next week since it's a US holiday.
20:34:46 <redrobot> #endmeeting