15:01:39 <krotscheck> #startmeeting storyboard
15:01:40 <openstack> Meeting started Mon May  5 15:01:39 2014 UTC and is due to finish in 60 minutes.  The chair is krotscheck. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:41 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:43 <openstack> The meeting name has been set to 'storyboard'
15:01:48 <krotscheck> Agenda: https://wiki.openstack.org/wiki/StoryBoard#Meeting
15:01:58 <NikitaKonovalov> o/
15:02:01 <krotscheck> I seem to recall russia having a holiday? Anyone here?
15:02:12 <gothicmindfood> o/
15:02:33 <krotscheck> Neat
15:02:37 <krotscheck> There are actually people
15:02:45 <gothicmindfood> (though I'm on another call for the first half hour :(  )
15:03:15 <NikitaKonovalov> we had holidays, but not today
15:03:21 <krotscheck> #topic High Priority Items
15:03:44 <krotscheck> The only one we have at the moment is a bug I introduced in the project filters on stories, which I’ve fixed on friday and was approved this morning.
15:03:53 <krotscheck> Anyone have anything else?
15:03:57 <NikitaKonovalov> yep
15:04:16 <krotscheck> NikitaKonovalov?
15:04:28 <NikitaKonovalov> there was an issue in my timelie commits, which thanks to krotscheck review is now fixed
15:04:58 <NikitaKonovalov> actually the timeline events need to get some reviews
15:05:07 <krotscheck> Link?
15:05:13 <NikitaKonovalov> a moment
15:05:54 <NikitaKonovalov> #link https://review.openstack.org/#/q/status:open+storyboard+branch:master+topic:timeline,n,z
15:06:13 <krotscheck> Ncie
15:06:16 <krotscheck> Ok,
15:06:27 <krotscheck> #action krotscheck Review timeline ASAP
15:06:38 <krotscheck> gothicmindfood? Interested in putting some eyes on that?
15:07:01 <krotscheck> (We’ll move on while she gets time to respond)
15:07:09 <krotscheck> #topic Ongoing Work: Timeline API
15:07:25 <krotscheck> Any other updates on that?
15:07:59 <NikitaKonovalov> I guess no, maybe some day a UX man will make them look a bit better
15:08:42 <krotscheck> I can do that
15:08:53 <NikitaKonovalov> krotscheck: that'll be great
15:08:56 <krotscheck> #action krotscheck Add a task for UX review of timeline.
15:09:00 <krotscheck> #topic Ongoing Work: Task Priorities
15:09:13 <krotscheck> Dumb priorities are up for review.
15:09:24 <NikitaKonovalov> a link?
15:09:30 <krotscheck> This is a _temporary_ solution as discussed 3 weeks ago (or so). It’s just an enum.
15:10:39 <NikitaKonovalov> ok
15:10:41 <krotscheck> Yeah, trying to figure out how to do the neat search you did
15:11:22 <krotscheck> https://review.openstack.org/#/c/91675/
15:11:26 <NikitaKonovalov> btw, new gerrit is good at autocompleting some fields for search
15:11:27 <krotscheck> https://review.openstack.org/#/c/91693/
15:11:30 <krotscheck> There we go
15:12:12 <krotscheck> #topic Ongoing Work: Dashboard
15:12:21 <krotscheck> So, I’ve added the ability to filter by assignee_id.
15:12:36 <krotscheck> #link https://review.openstack.org/#/c/91912/
15:12:44 <krotscheck> The next step there will be to surface that in the dashboard.
15:12:57 <SergeyLukjanov> folks, I'm sorry, need to go to office now
15:12:59 <krotscheck> It’s simple, but it’ll put something nice on the home page.
15:13:02 <krotscheck> SergeyLukjanov: No worries
15:13:18 <krotscheck> My question to the group is: Should the UI show Stories, Tasks, both?
15:13:27 <krotscheck> Also, what should the dashboard show when you’re not logged in?
15:13:59 <gothicmindfood> is there a way to show tasks discretely or generally, but stories more explicitly?
15:14:52 <krotscheck> gothicmindfood: I’m not certain I understand.
15:15:06 <gothicmindfood> krotscheck: me neither
15:15:12 <krotscheck> Right
15:15:24 <krotscheck> Ok, so how about I do a first UX pass at that to see what people think and then go from there.
15:15:45 <gothicmindfood> but I was just thinking about the question as a matter of prioritizing visibility of one over the other..
15:15:57 <gothicmindfood> krotscheck: sounds good :)
15:15:59 <krotscheck> gothicmindfood: And maybe we’ll use that as one of our test cases at the summit :)
15:16:09 <gothicmindfood> krotscheck: yay! :)
15:16:12 <krotscheck> gothicmindfood: I’m thinking that if you’re not logge din, stories are probably more valuable.
15:16:13 <ruhe> i personally would like to see a project description as a default page. something similar to current launchpad.net/{OPENSTACK_PROJECT}
15:17:29 <krotscheck> ruhe: Is this for projects or for the default index?
15:18:31 <ruhe> krotscheck: https://storyboard.openstack.org/#!/project/456/overview to look like https://launchpad.net/sahara
15:18:42 <krotscheck> ruhe: Got it, so more project base.
15:19:09 <krotscheck> #action krotscheck Create task to UX-review Project Detail page, make it look like Launchpad Project Detail: https://storyboard.openstack.org/#!/project/456/overview to look like https://launchpad.net/sahara
15:19:22 <krotscheck> Back to the root dashboard.
15:19:37 <krotscheck> #action krotscheck Quick UX pass for logged in / not logged in home page.
15:19:57 <krotscheck> #topic Ongoing Work: Task Authors
15:20:08 <krotscheck> Urm, actually, this is from last weeks agenda and I think it just totally fell off my radar.
15:20:16 <krotscheck> So, no progress.
15:20:28 <krotscheck> NikitaKonovalov, want to take over?
15:20:38 <NikitaKonovalov> Tasks have their authors, there is nothing to say
15:20:56 <krotscheck> Don’t we need to show that in the UI?
15:20:56 <NikitaKonovalov> There is something to say about Project Groups and Teams
15:21:01 <krotscheck> Right
15:21:03 <krotscheck> Let’s do that
15:21:09 <krotscheck> #topic Ongoing Work: Project Groups
15:21:16 <krotscheck> What’s up>
15:21:55 <NikitaKonovalov> The Project Group controller is on review
15:22:14 <NikitaKonovalov> I've noticed a comment from ruhe, so I'll add docs on that
15:23:20 <NikitaKonovalov> The strange thing I found about pecan while doing this is that it's routing different types of requests in defferent ways
15:23:21 <krotscheck> Yeah, sorry, I’ve been mulling over your response to my comments.
15:23:35 <NikitaKonovalov> I mean somehow GETs and POSTs work
15:23:42 <krotscheck> But PUT and DELETE doesn't.
15:23:44 <NikitaKonovalov> but PUT is always 404
15:23:48 <krotscheck> Have you asked on #pecanpy?
15:23:55 <NikitaKonovalov> not yet
15:24:00 <NikitaKonovalov> (we had hollidays)
15:24:05 <ryanpetrello> ask away :)
15:24:08 <ryanpetrello> I’m hanging out over there
15:24:14 <NikitaKonovalov> willdo
15:24:14 <krotscheck> Indeed, and you’ve got more holidays soon, correct?
15:24:39 <NikitaKonovalov> Friday this week is a holiday
15:24:49 <krotscheck> Right, and next week is the Summit.
15:25:07 <krotscheck> And this week is openstack vacation week.
15:25:26 <NikitaKonovalov> I'll try to complete Project Groups this week
15:25:34 <krotscheck> NikitaKonovalov: Alright.
15:25:45 <krotscheck> #topic Ongoing Work: Teams
15:25:49 <krotscheck> What about teams?
15:25:58 <NikitaKonovalov> As for the Teams API it's pretty much the same
15:26:05 <NikitaKonovalov> as Project Groups
15:26:18 <krotscheck> Right
15:26:20 <NikitaKonovalov> so I work on both of them in parallel
15:26:51 <krotscheck> Alright. I’ll see what I can do about putting together a UI that’ll make those things available so people can start bitching about them.
15:27:07 <krotscheck> #action krotscheck UI/UX pass for basic team/project group management
15:27:39 <krotscheck> (Incidentally, if I’m moving between topics too quickly, please yell at me.)
15:27:53 <krotscheck> #topic Future Work: Oauth Is Not Secure Interwebz Pannik!!1!11
15:28:19 <krotscheck> There was a bit of an internet kerfluffle recently int he wake of Heartbleed that basically said “OAuth is not secure OMGOMG!"
15:28:48 <krotscheck> From what I gather, it’s a cross domain redirect issue caused by shitty client implementations. I haven’t dug into it much more than that.
15:29:06 <krotscheck> #link http://it.slashdot.org/story/14/05/02/2015227/nasty-security-flaw-in-oauth-openid
15:30:06 <krotscheck> I’d like someone (I’m starting to feel a bit overloaded) to dig into this a bit more and explain to us what’s going on.
15:30:12 <krotscheck> And how to fix it for Storyboard
15:30:16 <krotscheck> (Assuming we can)
15:30:27 <krotscheck> Any volunteers?
15:30:38 <krotscheck> (Doesn’t have to happen immediately, just needs to happen soon)
15:31:39 <krotscheck> Alright, we’ll leave that as an open ask.
15:31:53 <krotscheck> #task krotscheck Add story to capture OAuth security concerns.
15:32:19 <krotscheck> #topic Future Work: User Admin * OAuth Key Management (For API Consumers)
15:32:52 <krotscheck> We need a way for a superadmin to A) create users (ex: jenkins), and B) Issue persistent API keys for that user.
15:34:16 <krotscheck> We don’t have a story yet, but I feel that’s going to come up as an infra ask fairly soon, given that nibalizer’s working on building a jenkins client.
15:34:18 <krotscheck> So
15:34:23 <NikitaKonovalov> krotscheck: what do you mean by persistent?
15:34:36 <krotscheck> NikitaKonovalov: No expiration date.
15:34:49 <krotscheck> NikitaKonovalov: Something that Infra can drop into hiera and feed to a config file via puppet.
15:35:17 <NikitaKonovalov> krotscheck: now I see
15:35:34 <krotscheck> So my question there is: Do we just let people issue a key with no expiration date, or do we let them issue a key, but ALSO implement refresh tokens.
15:35:48 <krotscheck> So that eventually, the OAuth token is completely unknown to anyone but the API
15:36:01 <krotscheck> I prefer the latter, but that’s a bigger ask.
15:36:31 <NikitaKonovalov> We will need refresh tokens sooner or later
15:37:10 <NikitaKonovalov> so do we need to hack expiration for some corner cases
15:37:50 <krotscheck> Good question.
15:38:26 <krotscheck> So how about we try to come up with the crazy amazing design that we want, as well as the simplest possible implementation, and then see if we can plot a path between the two?
15:40:06 <krotscheck> Hrm. Ok, let’s punt this to design discussion instead. We need to think about this a bit more.
15:40:19 <NikitaKonovalov> I can start making a draft of a refresh_token endpoint and see how it goes
15:40:26 <krotscheck> Go for it.
15:40:38 <krotscheck> #action NikitaKonovalov Start a draft for Refresh Token endpoint.
15:40:50 <krotscheck> #topic Future Work: Event Subscription
15:41:03 <krotscheck> Is this something we care about? This was a crazy idea I had.
15:41:06 <krotscheck> Actually
15:41:12 <krotscheck> Nevermind. Crazy ideas need to be in miscellaneous.
15:41:20 <krotscheck> Any other future work?
15:41:25 <krotscheck> #topic Future Work: Other
15:42:16 <krotscheck> NikitaKonovalov, gothicmindfood Anything else under “Future Work"?
15:42:43 <NikitaKonovalov> There is a change with some fixes to last_path controller in UI https://review.openstack.org/#/c/92090/
15:42:51 <NikitaKonovalov> reviewers are welcome
15:43:14 <krotscheck> #action krotscheck Review https://review.openstack.org/#/c/92090/
15:43:18 <krotscheck> Cool
15:43:30 <krotscheck> #topic Summit: Storyboard Session
15:43:47 <krotscheck> ttx has a session! Is there anything you need from us for the content of that session?
15:44:59 <krotscheck> Ok, silence from ttx.
15:45:08 <krotscheck> #topic Summit: UX Testing
15:45:15 <krotscheck> gothicmindfood: The floor is yours
15:47:08 <krotscheck> And silence from her as well.
15:47:34 <krotscheck> Ok, so gothicmindfood and I are going to spend some time while we’re at the summit grabbing random people and exposing them to storyboard.
15:47:55 <krotscheck> We’ve got two things we’re going to do: One is actual user recording of storyboard usage, given a basic set of tasks to complete.
15:48:02 <krotscheck> This will give us an idea of where the UI falls down.
15:48:25 <krotscheck> To facilitate this, I’ve set up a storyboard dev instance here: https://15.125.123.224/#!/
15:48:43 <krotscheck> It’s not the fastest in the world, but it works.
15:49:19 <krotscheck> The other UX test is going to be more along the lines of paper testing, where we’re preparing some UX mockups which we’ll print out and walk people through while we’re there.
15:49:54 <krotscheck> At the moment I believe we’ve got Tag-Based searching (See Invision mock) and the dashboard.
15:50:16 <krotscheck> Mocks will be up on Invision today (hopefully) so that the team can review them and we can iterate a few times before presenting it to people.
15:50:46 <krotscheck> #topic Open Discussion
15:50:50 * NikitaKonovalov is waiting to see results
15:50:53 <krotscheck> Anything for open discussion?
15:51:34 <krotscheck> Next weeks meeting: Should we have it?
15:52:11 <NikitaKonovalov> if it's a summit week, no reason for a meeting I guess
15:52:16 <krotscheck> I don’t have any sessions during that time, so I don’t mind showing up.
15:52:25 <krotscheck> But let’s keep it informal with no agenda or anything.
15:52:59 <NikitaKonovalov> krotscheck: works for me
15:53:02 <krotscheck> Alrightey.
15:53:11 <krotscheck> I think that’s it.
15:53:52 <krotscheck> #endmeeting