17:58:51 <zns> #startmeeting Keystone Team Meeting
17:58:52 <openstack> Meeting started Tue Dec 20 17:58:51 2011 UTC.  The chair is zns. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:58:53 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic.
17:58:56 <zns> I am
17:59:06 * joesavak waves
17:59:37 <zns> *waves back*
17:59:44 <zns> Hi Joe. ANyone else here?
18:00:08 <pvo> o/
18:00:13 <pvo> I'm just lurking though
18:00:21 <joesavak> hi pvo
18:00:25 <pvo> hey hey
18:00:25 <zns> Hi pvo. Lurkers welcome.
18:00:34 <zns> #topic E3
18:00:37 <zns> Let's start.
18:00:43 <joesavak> #link e3: https://launchpad.net/keystone/+milestone/essex-3
18:00:55 <zns> For E3, we're starting to target blueprints and bugs. See here for latest list: https://launchpad.net/keystone/+milestone/essex-3
18:01:20 <zns> * joesavak steals thunder *
18:02:03 <joesavak> just call me zeus
18:02:20 <zns> Much discussions going on about shared CLI Auth across clients. See http://wiki.openstack.org/CLIAuth. CLient consistency will be a focus for E3.
18:02:47 <zns> Much of the focus for Essex remains on stability and operationalization.
18:04:28 <zns> We are considering pushing RBAC back to F (not deliver in Essex). However, we'll keep working on :
18:04:47 <zns> There is a progression of growth for RBAC:
18:04:47 <zns> * adding to nova/glance/swift hooks (nova only had it in the ec2 api,
18:04:47 <zns> we need to move the checks to a more core location to check in both
18:04:47 <zns> the ec2 and openstack api)
18:04:47 <zns> * loading static rulesets in services (what we did in nova since the
18:04:48 <zns> first release)
18:04:48 <zns> * sending static rulesets from keystone to services (push vs. pull or ...)
18:04:49 <zns> * CRUD for management of dynamic rules
18:05:06 <zns> and we're considering doing the first two only (so no work in Keystone).
18:05:48 <zns> For thiose interested in RBAC, we have the following out there for review:
18:05:50 <zns> 1. There is a blueprint out there: https://blueprints.launchpad.net/keystone/+spec/rbac-keystone
18:05:50 <zns> 2. We have a prototype for the middleware that shows what it would send down to Nova (and other services): see email below with links and highlighted JSON sample response.
18:05:50 <zns> 3. We have the API that Dashboard and other users could use defined here: https://review.openstack.org/#change,1243
18:06:56 <zns> The consideration driving not doing it in Essex is the time needed to get alignment and input from all other projects and teams. So far, this has not been high on peoples list (evidenced by the lack of response to our proposals).
18:07:15 <zns> ANy questions?
18:07:18 <joesavak> should we push that review through or wait until the impl?
18:08:10 <zns> I think we should not push it through uintil it actually has a working implementation behind it. It's only a proposal now and should not be in the release code.
18:08:53 <joesavak> cool. So there is no keystone work required for the nova/glance/swift hooks? I thought this was part of their respective middleware?
18:09:11 <zns> pvo: can you approve https://review.openstack.org/#change,1825
18:09:15 <zns> ?
18:10:12 <zns> Not sure how they want to code the static files. If we need to do something in the middleware we can do that easily. I think implementing the CRUD and response in Keystone is what would need a multi-team effort.
18:10:30 <joesavak> yup -ok
18:10:48 <zns> #topic General Q & A
18:10:55 <pvo> zns: sure. May get merge conflicts.
18:11:03 <zns> Anything else anyone wants to discuss?
18:11:37 <zns> pvo: painful. That one's been lingering. I can resolve them if needed.
18:11:45 <pvo> sure thing.
18:11:57 <zns> Ending meeting if no more Keystone questions. Thanks all!
18:12:03 <joesavak> thanks
18:12:03 <zns> #endmeeting