15:00:28 <d34dh0r53> #startmeeting keystone 15:00:28 <opendevmeet> Meeting started Tue May 31 15:00:28 2022 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:28 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:28 <opendevmeet> The meeting name has been set to 'keystone' 15:00:39 <d34dh0r53> #topic Roll Call 15:01:08 <d34dh0r53> courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek 15:01:34 <d34dh0r53> #topic Review past meeting work items 15:02:23 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone_weekly_meeting/2022/keystone_weekly_meeting.2022-05-24-15.04.html 15:03:26 <d34dh0r53> I had an action item to discuss with dmendiza[m] the meeting during the summit. 15:03:56 <d34dh0r53> I was not able to connect with Doug, so we'll have to talk about it in Berlin. We'll update you here about the status of the meeting 15:04:17 <d34dh0r53> #action d34dh0r53 talk to dmendiza[m] about next weeks meeting 15:04:31 <d34dh0r53> #topic Specifications 15:04:39 <d34dh0r53> OAuth 2.0 15:04:45 <h-asahina> o/ 15:04:48 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:05:04 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765 15:05:34 <h-asahina> Zuul is still in progress... 15:05:39 <d34dh0r53> h-asahina: I see you submitted the additional specification for Mutual-TLS support 15:06:16 <h-asahina> yes and I've just fixed tox which failed building recently 15:06:58 <h-asahina> Also, I've submitted the bug report regarding this problem of tox 15:07:14 <h-asahina> I'll submit the patch to fix it separately later. 15:07:24 <d34dh0r53> h-asahina: excellent, thank you 15:07:32 <h-asahina> :) 15:07:49 <h-asahina> I'd like to explain the contents of the spec now. is it ok? 15:08:02 <d34dh0r53> h-asahina: yes, that is fine 15:08:15 <h-asahina> thanks 15:08:59 <h-asahina> I'll briefly explain the background of this spec as we have changed the contents from the BP. 15:09:27 <h-asahina> Actually, we have to change our contents for Zed release as our priority has been changed. 15:10:18 <h-asahina> As I explained before, I came from OpenStack Tacker project that try to make Virtual Network Function Manager supporint the famous standard in that area called ETSI NFV SOL. 15:10:48 <h-asahina> and that's why we need to meet the latest standard 15:11:55 <h-asahina> In the latest SOL013, which define the common API specification for NFV components (including VNFM), forces the components to use OAuth2.0 mutual TLS, i.e., RFC8705. 15:12:02 <h-asahina> https://datatracker.ietf.org/doc/html/rfc8705 15:12:37 <h-asahina> To meets this requirement, we'd like to implement RFC8705 to Keystone, KeystoneMiddleware and keystoneauth. 15:13:07 <h-asahina> Changes to do it includes the contents of BP but also includes several new parts like adding APIs. 15:13:35 <h-asahina> So, I'd like to hear the feasibility of this proposal from Keystone core. 15:14:24 <h-asahina> I note that this changes will not reduce the security level by the way. 15:15:26 <h-asahina> Could you tell me your opinion? 15:17:17 <d34dh0r53> h-asahina: The specification you've provided looks good, but I am not qualified to fully give an opinion at this time. 15:17:52 <d34dh0r53> h-asahina: I will bring this up as an item for discussion with dmendiza[m] and knikolla at the Summit next week. Are you going to be there? 15:18:27 <h-asahina> unfortunately, I'm not 15:19:16 <d34dh0r53> h-asahina: ok 15:20:19 <d34dh0r53> #action d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst 15:20:30 <h-asahina> so, plese give me comments on the spec. I'll check and reply it. 15:21:04 <d34dh0r53> h-asahina: yes, we will and hopefully time will permit us to hold the weekly meeting so we can discuss further 15:21:31 <h-asahina> good 15:21:33 <d34dh0r53> thank you h-asahina! 15:21:39 <d34dh0r53> moving on to Secure RBAC 15:21:40 <h-asahina> thank you too! 15:21:51 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:22:32 <d34dh0r53> I don't have any updates for Secure RBAC 15:23:10 <d34dh0r53> next up: Gate inherited assignments from parent (bbobrov) 15:23:14 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/334364 15:25:04 <d34dh0r53> we will review this at the summit as well as it's been updated recently 15:25:18 <d34dh0r53> bbobrov: do you have anything you'd like to add? 15:26:12 <d34dh0r53> #action d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364 15:27:51 <d34dh0r53> #topic public discussion 15:28:20 <d34dh0r53> I need to ask dmendiza[m] about bandit and building from git 15:28:37 <d34dh0r53> #action d34dh0r53 ask dmendiza[m] about this bandit line in the agenda 15:28:49 <d34dh0r53> anything else? 15:29:46 <d34dh0r53> ok, moving on 15:29:58 <opendevreview> Alexandre arents proposed openstack/keystone master: Federation: add support for projects_json assertion https://review.opendev.org/c/openstack/keystone/+/844098 15:30:05 <d34dh0r53> #topic bug review 15:30:16 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:30:35 <d34dh0r53> looks like one new keystone bug: https://bugs.launchpad.net/keystone/+bug/1976387 15:30:52 <d34dh0r53> this was from h-asahina and a fix is forthcoming 15:31:10 <h-asahina> yes 15:31:15 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:31:26 <d34dh0r53> no new python-keystoneclient bugs 15:31:42 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:31:49 <d34dh0r53> no new keystoneauth bugs 15:32:08 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:32:22 <d34dh0r53> no new keystomemiddleware bugs 15:32:39 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:32:44 <d34dh0r53> no new pycadf bugs 15:33:01 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:33:09 <d34dh0r53> and, no new ldappool bugs 15:33:25 <d34dh0r53> #topic open floor 15:33:35 <d34dh0r53> Does anyone have anything else for this week? 15:34:25 <d34dh0r53> Reminder than the OpenInfra Summit is next week in Berlin, I'm looking forward to meeting and seeing those who can make it 15:35:18 <d34dh0r53> Another reminder that we'll be having another reviewathon at 15:00 UTC this Friday. Please let me know if you'd like to be included and I can send you the invite. 15:38:15 <d34dh0r53> Thanks everyone! 15:38:20 <d34dh0r53> #endmeeting