15:01:41 <d34dh0r53> #startmeeting keystone
15:01:41 <opendevmeet> Meeting started Wed Mar 19 15:01:41 2025 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:41 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:41 <opendevmeet> The meeting name has been set to 'keystone'
15:02:00 <d34dh0r53> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:02:07 <d34dh0r53> #link https://openinfra.dev/legal/code-of-conduct
15:02:14 <d34dh0r53> #topic roll call
15:02:18 <gtema> o/
15:02:20 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra
15:02:36 <d34dh0r53> dmendiza o/
15:04:10 <xek> o/
15:04:55 <d34dh0r53> #topic review past meeting work items
15:04:58 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2025
15:05:01 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.html
15:05:09 <d34dh0r53> no action items from last week
15:05:13 <d34dh0r53> #topic liaison updates
15:05:22 <d34dh0r53> no updates from VMT or releases
15:05:28 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:05:32 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:05:34 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:05:36 <d34dh0r53> External OAuth 2.0 Specification
15:05:39 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:05:43 <d34dh0r53> OAuth 2.0 Implementation
15:05:45 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged)
15:05:50 <d34dh0r53> OAuth 2.0 Documentation
15:05:53 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:05:57 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:06:05 <d34dh0r53> no updates from me on this unfortunately
15:06:10 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:06:13 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:06:16 <d34dh0r53> 2024.1 Release Timeline
15:06:18 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:06:21 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:08:09 <d34dh0r53> dmendiza: might not be around
15:08:10 <d34dh0r53> next up
15:08:21 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:08:22 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:09:04 <gtema> one change up for review from our Student, looking at first adapting the codegenerator since imported schema is being renamed
15:09:31 <gtema> due to the FF sadly still no release of openstackdocstheme so I can't do anything wrt rendering at the moment
15:10:09 <gtema> nothing else on the $topic
15:10:25 <dmendiza[m]> 👋
15:10:39 <d34dh0r53> ack
15:10:43 <d34dh0r53> hi dmendiza
15:11:02 <dmendiza[m]> Sorry I missed the inital ping
15:11:21 <dmendiza[m]> no updates on SRBAC, but I am knees deep in policy stuff right now.
15:12:00 <d34dh0r53> ack
15:12:07 <gtema> hehe, same do I just on the the OPA for Neutron front ;-)
15:13:42 <d34dh0r53> condolences to you both :)
15:13:57 <gtema> lol, policies are fun
15:14:19 <d34dh0r53> next up
15:14:23 <d34dh0r53> #topic specification Include bad password details in audit messages (stanislav-z)
15:14:25 <d34dh0r53> #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22
15:14:27 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged)
15:14:30 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed)
15:14:32 <d34dh0r53> 'v
15:14:34 <d34dh0r53> 11-Mar update: the implementation has been updated to incorporate the review feedback
15:14:48 <stanislav-z> no updates from my side, but here's the convenience link :) https://review.opendev.org/c/openstack/keystone/+/932423/9..10
15:14:57 <d34dh0r53> I saw that you updated the patch Stanislav Zaprudskiy , I'll take a look
15:15:06 <stanislav-z> many thanks!
15:15:17 <d34dh0r53> np
15:15:23 <d34dh0r53> that does it for specs
15:15:26 <d34dh0r53> #topic open discussion
15:16:05 <gtema> I was able to implement passkeys (or more correctly to say security keys) support in the Rust Keystone reimpl
15:16:16 <gtema> can get token with Yubikey
15:16:19 <d34dh0r53> PTG etherpad is here #link https://etherpad.opendev.org/p/apr2025-ptg-keystone
15:16:26 <d34dh0r53> feel free to add stuff
15:16:30 <d34dh0r53> gtema: that's awesome
15:17:08 <gtema> can demo on Friday if there is interest
15:17:18 <d34dh0r53> I'd love to see it
15:17:30 <gtema> deal
15:18:20 <d34dh0r53> sweet
15:18:37 <d34dh0r53> anyone have anything else for open discussion?
15:19:28 <gtema> not from me
15:19:59 <d34dh0r53> #topic bug review
15:20:01 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:20:05 <d34dh0r53> no new bugs for keystone
15:20:38 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:20:49 <d34dh0r53> python-keystoneclient looks clean
15:20:53 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:20:59 <d34dh0r53> so does keystoneauth
15:21:08 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:21:14 <d34dh0r53> no new bugs in keystonemiddleware
15:21:20 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:21:24 <d34dh0r53> pycadf is good
15:21:28 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:21:32 <d34dh0r53> so is ldappool
15:21:35 <d34dh0r53> #topic conclusion
15:21:48 <d34dh0r53> That's all I've got for this week, thanks folks!
15:22:00 <gtema> thks
15:22:16 <d34dh0r53> #endmeeting