15:04:18 <dmendiza[m]> #startmeeting keystone
15:04:18 <opendevmeet> Meeting started Tue Jun 14 15:04:18 2022 UTC and is due to finish in 60 minutes. The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:18 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:04:18 <opendevmeet> The meeting name has been set to 'keystone'
15:04:45 <dmendiza[m]> #topic Roll Call
15:05:15 <dmendiza[m]> Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek
15:05:32 <xek> o/
15:05:41 <h_asahina> o/
15:05:47 <knikolla> o/
15:05:56 <dmendiza[m]> Hi y'all!
15:06:09 <dmendiza[m]> Let's get started
15:06:19 <dmendiza[m]> #topic Review Last Meeting Action Items
15:06:38 <dmendiza[m]> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-05-31-15.00.html
15:07:22 <dmendiza[m]> There were a few
15:07:25 <dmendiza[m]> > d34dh0r53 talk to dmendiza[m] about next weeks meeting
15:07:37 <dmendiza[m]> I assume this was about whether or not we were going to meet last week
15:07:44 <dmendiza[m]> So, no. :)
15:07:58 <dmendiza[m]> With most folks at the summit, I figured we'd skip the meeting.
15:08:21 <dmendiza[m]> > d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst
15:09:43 <dmendiza[m]> I probably should've looked at meeting logs
15:09:56 <dmendiza[m]> so I just learned about this.
15:10:03 <dmendiza[m]> We'll add it to the agenda to review specs
15:10:52 <dmendiza[m]> > d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364
15:11:53 <knikolla> i've cleared up a lot from my calendar today so i can catch up on reviews :/
15:15:40 <dmendiza[m]> Cool
15:16:30 <dmendiza[m]> I'll add this spec to the spec reviews as well
15:17:17 <dmendiza[m]> and the last action item
15:17:20 <dmendiza[m]> > d34dh0r53 ask dmendiza[m] about this bandit line in the agenda
15:17:58 <dmendiza[m]> > bandit seems to be broken, cannot build keystone from git
15:18:17 <dmendiza[m]> I think that's what d34dh0r53 was talking about
15:18:55 <dmendiza[m]> I think admiyo was talking about not being able to run bandit from a fresh clone
15:19:02 <dmendiza[m]> I can try to do that and see how it goes
15:19:38 <dmendiza[m]> #action dmendiza[m] to try to run keystone from a fresh clone
15:19:50 <dmendiza[m]> #topic Liaison Updates
15:19:58 <dmendiza[m]> I don't have any
15:20:17 <dmendiza[m]> #topic Summit Recap
15:20:24 <dmendiza[m]> I unfortunately had to cancel my trip to the Summit
15:26:04 <dmendiza[m]> Anyone make it to Berlin and want to give a quick recap?
15:29:14 <dmendiza[m]> I'll take that as a no
15:29:16 <dmendiza[m]> moving on ...
15:29:31 <dmendiza[m]> #topic OAuth 2.0
15:29:48 <dmendiza[m]> Looks like we still need lots of reviews
15:29:50 <dmendiza[m]> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:30:03 <dmendiza[m]> Also a new spec
15:30:05 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:30:12 <dmendiza[m]> h_asahina: did you want to talk about these
15:30:15 <h_asahina> yes
15:31:03 <h_asahina> I put the brief explanation on agenda 31st May.
15:31:29 <h_asahina> as I wrote there I've submitted the spec and I've changed the contents from BP I submitted before.
15:31:45 <h_asahina> https://blueprints.launchpad.net/keystone/+spec/enhance-oauth2-interoperability
15:32:50 <h_asahina> The reason behind this change is recent update of ETSI NFV SOL013.
15:33:24 <h_asahina> Like I said before, I came from OpenStack Tacker that is aiming at implementing ETSI NFV standard,
15:33:52 <h_asahina> and the latest version of that standard forces NFV components like Tacker to implement mutual TLS
15:34:39 <dmendiza[m]> I haven't had a chance to read the spec, but I think mtls would be a good addition
15:35:02 <h_asahina> that's glad to hear
15:35:41 <h_asahina> So, I proposed mutual TLS in Spec
15:36:53 <h_asahina> but the detailed implementation is not clear in the standard like whether or not we should implement mutual-TLS OAuth2.0 or just mutual-TLS. so, we're confirming it to standard organization now.
15:37:29 <h_asahina> Therefore, we might omit some work items listed in the spec, but we won't add additional items.
15:38:23 <h_asahina> I wrote a kind of the maximum work items as we can imagine. so please kindly review it and hopefully give us your feedback.
15:40:12 <h_asahina> and I'd like to note that as dmendiza said mutual-TLS will not ruin the security of Keystone.
15:40:53 <dmendiza[m]> thanks h_asahina
15:41:08 <dmendiza[m]> Hopefully we'll get back to reviewathons this week
15:41:12 <dmendiza[m]> and we'll look at the specs
15:41:20 <h_asahina> great. thanks.
15:41:39 <dmendiza[m]> #topic Secure RBAC
15:41:42 <dmendiza[m]> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:47:44 <dmendiza[m]> Ok, took me a second to find the link I needed
15:47:45 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/818603
15:47:49 <dmendiza[m]> looks like the spec is merged
15:48:29 <dmendiza[m]> The review needs some TLC
15:48:30 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:50:14 <dmendiza[m]> We'll try to get to those for reviewathon
15:50:58 <dmendiza[m]> I haven't had a chance to look into what I missed for the Summit with regards to SRBAC
15:51:10 <dmendiza[m]> Hopefully not to much
15:51:13 <dmendiza[m]> *too much
15:51:19 <dmendiza[m]> Moving on ...
15:51:40 <dmendiza[m]> #topic Gate inherited assignments from parent (bbobrov)
15:51:48 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/334364
15:51:57 <dmendiza[m]> We should probably review this at reviewathon also
16:01:49 <dmendiza[m]> Aaand we're out of time.
16:02:07 <dmendiza[m]> See y'all Friday for the reviewathon.
16:02:11 <dmendiza[m]> #endmeeting