18:00:23 <bdpayne> #startmeeting OpenStack Security Group
18:00:23 <openstack> Meeting started Thu Jan 23 18:00:23 2014 UTC and is due to finish in 60 minutes.  The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.
18:00:25 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
18:00:27 <openstack> The meeting name has been set to 'openstack_security_group'
18:00:32 <bdpayne> #topic Roll Call
18:00:36 <bknudson> hi
18:00:40 <bdpayne> morning!
18:01:20 <bdpayne> anyone else here today?
18:01:44 <bdpayne> ok, perhaps it will be a quiet day
18:01:52 <bdpayne> #topic Agenda
18:02:01 <bdpayne> bknudson anything you'd like to discuss?
18:02:18 <bknudson> bdpayne: no, haven't been able to focus a whole lot on security stuff lately
18:02:24 <bdpayne> no worries
18:02:26 <bknudson> i2 milestone for keystone keeping me busy
18:02:35 <bdpayne> since it's just us, I do have a keystone question for you :-)
18:02:57 <bdpayne> I saw a thread about checking password complexity in keystone around the end of Dec
18:03:01 <bdpayne> do you know if that went anywhere?
18:03:09 <bdpayne> i.e., is there a blueprint and/or plans to work on that
18:03:10 <bdpayne> ?
18:03:27 <bknudson> bdpayne: I haven't seen a blueprint or any submissions for changes
18:03:41 <joel-coffman> hey, I had to step away from my desk for a minute
18:03:53 <bdpayne> hi joel-coffman
18:03:57 <bknudson> some people thought it was a good idea... I thought it was a little odd to only implement that part of a password regimen.
18:04:02 <nkinder> Hi all
18:04:21 <bdpayne> bknudson what do you mean by just that part?
18:04:36 <bknudson> Keystone doesn't do account lockouts, password expiration, any of that normal stuff that orgs expect.
18:04:43 <bdpayne> oh, I see
18:04:49 <bdpayne> yeah... other stuff would be nice too
18:04:55 <dolphm> bknudson: password expiration is probably landing in icehouse after rotation
18:04:56 <bknudson> if you keep your users in LDAP you get that.
18:04:56 <bdpayne> I guess one step at a time ;-)
18:05:10 <bknudson> so keep your users in ldap
18:05:11 <dolphm> err in juno*
18:05:21 <bdpayne> hard to keep them *all* in LH, right?
18:05:28 <bdpayne> like all service accounts and admins and such?
18:05:46 <bdpayne> sorry, on LH.. I mean LDAP
18:06:14 <bknudson> some people don't want service accounts in ldap... we had a proposal to have different backends per domain
18:06:22 <bknudson> but unfortunately it was half-baked
18:06:27 <bdpayne> anyway, now that we have other people here I'm happy to return to our regularly scheduled programming
18:06:28 <SergeyLukjanov> savanna folks around?
18:06:36 <nkinder> Yeah, I think it would depend on the deployment (who owns LDAP, etc.)
18:06:42 <bdpayne> Any other topics of discussion for today's OSSG meeting?
18:07:57 <bdpayne> nkinder any updates to report?
18:08:32 <nkinder> bdpayne: Well, it seems like there's been some progress/agreement on the OSSN naming discussion
18:08:44 <bdpayne> yes, this is true
18:08:53 <bdpayne> in so far as people like what I suggested ;-)
18:08:53 <nkinder> I still need to research moving it into git/gerrit.
18:09:21 <bdpayne> for those that didn't see... the current plan seems to be to just do incremental numbering without concern of the date / year
18:09:28 <bdpayne> OSSN-001, OSN-002, etc
18:09:39 <bdpayne> git / gerrit would be really nice
18:09:49 <bdpayne> do you know who we talk to about setting that up?
18:10:04 <nkinder> nope, was going to do some digging
18:10:12 <nkinder> pointers would be appreciated :)
18:10:30 <bdpayne> ok, I'm not actually sure myself
18:10:46 <nkinder> Ok, I'll dig then
18:11:01 <bknudson> nkinder: I would ask the infra team -- post to the mailing list
18:11:01 <bdpayne> sounds good
18:11:12 <bknudson> or on irc
18:11:16 <nkinder> bknudson: ok, will do
18:11:56 <malini1> James Blair <jeblair@openstack.org>
18:12:01 <nkinder> I don't have much else to report since last week.
18:12:01 <malini1> infrastructure team
18:12:21 <bdpayne> #topic Moving Forward
18:12:25 <nkinder> I would like to have some discussions on the summit talk proposals.  We had an action item for that last week.
18:12:42 <bdpayne> So we have a variety of action items frmo the past two weeks of meetings
18:12:51 <bdpayne> nkinder Ok, we'll touch on that in just a sec
18:13:16 <bdpayne> links to action items are http://eavesdrop.openstack.org/meetings/openstack_security_group/2014/openstack_security_group.2014-01-09-18.02.html and http://eavesdrop.openstack.org/meetings/openstack_security_group/2014/openstack_security_group.2014-01-16-18.00.html
18:13:53 <bdpayne> I still have mine as open tasks... but they are on my todo list
18:14:00 <bdpayne> should get there in the next week
18:14:41 <bdpayne> nkinder As you mentioned, one item was to discuss the summit talks
18:15:07 <bdpayne> In particular, an OSSG specific talk
18:15:18 <bdpayne> might make sense to take that to email so that we can include Rob?
18:15:51 <nkinder> bdpayne: yes, e-mail or even phone if you like.
18:16:23 <bdpayne> excellent, I will get that setup
18:16:37 <bdpayne> any other summit talk submissions people would like to discuss?
18:17:31 <bdpayne> ok
18:17:41 <malini1> No talk update but a while back I mentioned geo based computing and storage
18:17:58 <malini1> the storage is possible using "storage policies" coming up in Swift
18:18:01 <bdpayne> any new OSSNs in the queue?
18:18:50 <malini1> now cool UI but it is possible to assign machines to a cluster, give it a policy, say "geo-use" and use that policy for object storage
18:19:23 <bdpayne> malini1 interesting
18:19:31 <bdpayne> sounds like things are generally quiet today, which is fine
18:19:36 <bdpayne> let's hit the open action items
18:19:42 <bdpayne> and return next week with more to discuss
18:19:47 <bdpayne> thanks everyone
18:19:49 <bdpayne> have a great week
18:19:52 <bknudson> thanks
18:20:02 <malini1> opps, not "now" but "No" cool UI
18:20:10 <bdpayne> #endmeeting