15:00:28 #startmeeting keystone 15:00:28 Meeting started Tue May 31 15:00:28 2022 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:28 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:28 The meeting name has been set to 'keystone' 15:00:39 #topic Roll Call 15:01:08 courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek 15:01:34 #topic Review past meeting work items 15:02:23 #link https://meetings.opendev.org/meetings/keystone_weekly_meeting/2022/keystone_weekly_meeting.2022-05-24-15.04.html 15:03:26 I had an action item to discuss with dmendiza[m] the meeting during the summit. 15:03:56 I was not able to connect with Doug, so we'll have to talk about it in Berlin. We'll update you here about the status of the meeting 15:04:17 #action d34dh0r53 talk to dmendiza[m] about next weeks meeting 15:04:31 #topic Specifications 15:04:39 OAuth 2.0 15:04:45 o/ 15:04:48 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:05:04 #link https://review.opendev.org/c/openstack/keystone-specs/+/843765 15:05:34 Zuul is still in progress... 15:05:39 h-asahina: I see you submitted the additional specification for Mutual-TLS support 15:06:16 yes and I've just fixed tox which failed building recently 15:06:58 Also, I've submitted the bug report regarding this problem of tox 15:07:14 I'll submit the patch to fix it separately later. 15:07:24 h-asahina: excellent, thank you 15:07:32 :) 15:07:49 I'd like to explain the contents of the spec now. is it ok? 15:08:02 h-asahina: yes, that is fine 15:08:15 thanks 15:08:59 I'll briefly explain the background of this spec as we have changed the contents from the BP. 15:09:27 Actually, we have to change our contents for Zed release as our priority has been changed. 15:10:18 As I explained before, I came from OpenStack Tacker project that try to make Virtual Network Function Manager supporint the famous standard in that area called ETSI NFV SOL. 15:10:48 and that's why we need to meet the latest standard 15:11:55 In the latest SOL013, which define the common API specification for NFV components (including VNFM), forces the components to use OAuth2.0 mutual TLS, i.e., RFC8705. 15:12:02 https://datatracker.ietf.org/doc/html/rfc8705 15:12:37 To meets this requirement, we'd like to implement RFC8705 to Keystone, KeystoneMiddleware and keystoneauth. 15:13:07 Changes to do it includes the contents of BP but also includes several new parts like adding APIs. 15:13:35 So, I'd like to hear the feasibility of this proposal from Keystone core. 15:14:24 I note that this changes will not reduce the security level by the way. 15:15:26 Could you tell me your opinion? 15:17:17 h-asahina: The specification you've provided looks good, but I am not qualified to fully give an opinion at this time. 15:17:52 h-asahina: I will bring this up as an item for discussion with dmendiza[m] and knikolla at the Summit next week. Are you going to be there? 15:18:27 unfortunately, I'm not 15:19:16 h-asahina: ok 15:20:19 #action d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst 15:20:30 so, plese give me comments on the spec. I'll check and reply it. 15:21:04 h-asahina: yes, we will and hopefully time will permit us to hold the weekly meeting so we can discuss further 15:21:31 good 15:21:33 thank you h-asahina! 15:21:39 moving on to Secure RBAC 15:21:40 thank you too! 15:21:51 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:22:32 I don't have any updates for Secure RBAC 15:23:10 next up: Gate inherited assignments from parent (bbobrov) 15:23:14 #link https://review.opendev.org/c/openstack/keystone-specs/+/334364 15:25:04 we will review this at the summit as well as it's been updated recently 15:25:18 bbobrov: do you have anything you'd like to add? 15:26:12 #action d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364 15:27:51 #topic public discussion 15:28:20 I need to ask dmendiza[m] about bandit and building from git 15:28:37 #action d34dh0r53 ask dmendiza[m] about this bandit line in the agenda 15:28:49 anything else? 15:29:46 ok, moving on 15:29:58 Alexandre arents proposed openstack/keystone master: Federation: add support for projects_json assertion https://review.opendev.org/c/openstack/keystone/+/844098 15:30:05 #topic bug review 15:30:16 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:30:35 looks like one new keystone bug: https://bugs.launchpad.net/keystone/+bug/1976387 15:30:52 this was from h-asahina and a fix is forthcoming 15:31:10 yes 15:31:15 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:31:26 no new python-keystoneclient bugs 15:31:42 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:31:49 no new keystoneauth bugs 15:32:08 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:32:22 no new keystomemiddleware bugs 15:32:39 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:32:44 no new pycadf bugs 15:33:01 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:33:09 and, no new ldappool bugs 15:33:25 #topic open floor 15:33:35 Does anyone have anything else for this week? 15:34:25 Reminder than the OpenInfra Summit is next week in Berlin, I'm looking forward to meeting and seeing those who can make it 15:35:18 Another reminder that we'll be having another reviewathon at 15:00 UTC this Friday. Please let me know if you'd like to be included and I can send you the invite. 15:38:15 Thanks everyone! 15:38:20 #endmeeting