15:00:26 <mharley[m]> #startmeeting barbican
15:00:26 <opendevmeet> Meeting started Mon Apr 14 15:00:26 2025 UTC and is due to finish in 60 minutes.  The chair is mharley[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:26 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:26 <opendevmeet> The meeting name has been set to 'barbican'
15:00:55 <mharley[m]> Courtesy ping for dmendiza[m] ade_lee d34dh0r53 Luzi tosky tobias-urdin jjung mharley lpiwowar
15:01:22 <mharley[m]> If you want to be pinged, add your nickname here:
15:01:34 <mharley[m]> #link https://etherpad.opendev.org/p/barbican-weekly-meeting
15:01:54 <mharley[m]> The meeting's agenda can be found at the same link.
15:02:24 <mharley[m]> Very first meeting of this cycle's PTL:  mharley.
15:02:42 <rajiv> nice!!!
15:02:57 <mharley[m]> Hello, rajiv! :-)
15:03:00 <mharley[m]> #topic Review Past Meeting Action Items
15:03:12 <rajiv> :)
15:03:44 <dmendiza[m]> 🙋‍♂️
15:03:55 <mharley[m]> We just had the information about the upcoming PTG and the switch between PTLs.  No further discussions were held.
15:04:02 <mharley[m]> Hello, hello, dmendiza.
15:04:27 <mharley[m]> #topic Liaison Updates
15:05:11 <mharley[m]> Epoxy has been released two weeks ago:
15:05:14 <xek> o/
15:05:20 <mharley[m]> #link https://releases.openstack.org/epoxy/schedule.html
15:05:37 <mharley[m]> Hi, @xek!
15:05:56 <mharley[m]> There are currently no news for Flamingo.
15:06:18 <mharley[m]> #topic Bug Review
15:06:45 <mharley[m]> No new bugs were filed. Yay!
15:06:51 <rajiv> i raised these 2 today :
15:06:58 <rajiv> https://review.opendev.org/c/openstack/barbican-specs/+/947093
15:06:59 <rajiv> https://review.opendev.org/c/openstack/barbican/+/947118
15:07:32 <rajiv> Hi dmendiza[m], it would be great if you could review it
15:07:41 <mharley[m]> Thanks for the heads up, rajiv.
15:07:47 <rajiv> np :)
15:07:53 <dmendiza[m]> ack
15:08:29 <rajiv> at first glance, is implementing HSM multi-tenancy a good idea in barbican ?
15:13:06 <mharley[m]> Well, HSM software is usually secure enough to avoid lateral movement between partitions (or vHSMs, depending on the vendor).  Nevertheless, we must have in mind that this could demand some special or non-supported scenarios on the devices.
15:13:36 <mharley[m]> And compliance requirements should also be taken into account, especially if they demand strict physical isolation for keys/secrets.
15:13:48 <rajiv> sure, my intent of this patch was to be cloud-native and be scalable wrt hardware HSM devices
15:14:08 <mharley[m]> * some special/complex or
15:14:22 <mharley[m]> Got it, and that's laudable.
15:14:29 <rajiv> yes. compliance was one aspect i wasnt sure on application side as on hardware side both are FIPS L3 compliant
15:15:54 <mharley[m]> #topic Open Discussion
15:16:10 <mharley[m]> PTG happened last week (from 7th to 11th).
15:16:25 <mharley[m]> We had two sessions in total.
15:17:01 <mharley[m]> First one was to talk about Barbican only, where we covered KMIP and PKCS#12.
15:17:37 <mharley[m]> There are some action items for dmendiza[m] on the KMIP part.  mharley will help as well.
15:18:07 <mharley[m]> The PKCS#12 part is related to an Outreachy mentorship project led by mharley.
15:18:21 <rajiv> could you please share the meeting links or conclusions ?
15:18:30 <mharley[m]> The project is meant to implement support for such a feature in Babican, and it is currently under the applicants selection phase.
15:18:53 <mharley[m]> I'll do that soon, rajiv.
15:18:59 <mharley[m]> Details about the PKCS#12 project can be found at the link below:
15:19:00 <rajiv> thanks
15:19:04 <mharley[m]> #link https://www.outreachy.org/outreachy-june-2025-internship-cohort/communities/openstack/#pkcs12-bundle-type-support
15:19:19 <mharley[m]> The second PTG session was a cross-project meeting with Nova.
15:19:48 <mharley[m]> On this meeting, discussions about vTPM were held.
15:20:16 <mharley[m]> No action items from our side (Barbican) were observed.
15:20:31 <mharley[m]> All information can be found at the following link:
15:20:44 <mharley[m]> #link https://etherpad.opendev.org/p/apr2025-ptg-barbican
15:21:17 <mharley[m]> Does anyone have anything else to ask or inform? 🙂
15:22:09 <rajiv> based on notes, a new KMIP backend will be introduced ? since pykmip is not updated ?
15:22:34 <mharley[m]> That's correct!
15:22:59 <mharley[m]> This is currently under research, and we shall have news soon (hopefully).
15:23:41 <rajiv> great news, we forked pykmip and did our own custom development
15:23:52 <rajiv> https://github.com/sapcc/PyKMIP
15:24:41 <mharley[m]> Cool.
15:29:05 <mharley[m]> Anything else to add?
15:30:26 <mharley[m]> That's all, folks!  See you next week! :-)
15:30:32 <mharley[m]> #endmeeting