15:01:39 <krotscheck> #startmeeting storyboard 15:01:40 <openstack> Meeting started Mon May 5 15:01:39 2014 UTC and is due to finish in 60 minutes. The chair is krotscheck. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:41 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:43 <openstack> The meeting name has been set to 'storyboard' 15:01:48 <krotscheck> Agenda: https://wiki.openstack.org/wiki/StoryBoard#Meeting 15:01:58 <NikitaKonovalov> o/ 15:02:01 <krotscheck> I seem to recall russia having a holiday? Anyone here? 15:02:12 <gothicmindfood> o/ 15:02:33 <krotscheck> Neat 15:02:37 <krotscheck> There are actually people 15:02:45 <gothicmindfood> (though I'm on another call for the first half hour :( ) 15:03:15 <NikitaKonovalov> we had holidays, but not today 15:03:21 <krotscheck> #topic High Priority Items 15:03:44 <krotscheck> The only one we have at the moment is a bug I introduced in the project filters on stories, which I’ve fixed on friday and was approved this morning. 15:03:53 <krotscheck> Anyone have anything else? 15:03:57 <NikitaKonovalov> yep 15:04:16 <krotscheck> NikitaKonovalov? 15:04:28 <NikitaKonovalov> there was an issue in my timelie commits, which thanks to krotscheck review is now fixed 15:04:58 <NikitaKonovalov> actually the timeline events need to get some reviews 15:05:07 <krotscheck> Link? 15:05:13 <NikitaKonovalov> a moment 15:05:54 <NikitaKonovalov> #link https://review.openstack.org/#/q/status:open+storyboard+branch:master+topic:timeline,n,z 15:06:13 <krotscheck> Ncie 15:06:16 <krotscheck> Ok, 15:06:27 <krotscheck> #action krotscheck Review timeline ASAP 15:06:38 <krotscheck> gothicmindfood? Interested in putting some eyes on that? 15:07:01 <krotscheck> (We’ll move on while she gets time to respond) 15:07:09 <krotscheck> #topic Ongoing Work: Timeline API 15:07:25 <krotscheck> Any other updates on that? 15:07:59 <NikitaKonovalov> I guess no, maybe some day a UX man will make them look a bit better 15:08:42 <krotscheck> I can do that 15:08:53 <NikitaKonovalov> krotscheck: that'll be great 15:08:56 <krotscheck> #action krotscheck Add a task for UX review of timeline. 15:09:00 <krotscheck> #topic Ongoing Work: Task Priorities 15:09:13 <krotscheck> Dumb priorities are up for review. 15:09:24 <NikitaKonovalov> a link? 15:09:30 <krotscheck> This is a _temporary_ solution as discussed 3 weeks ago (or so). It’s just an enum. 15:10:39 <NikitaKonovalov> ok 15:10:41 <krotscheck> Yeah, trying to figure out how to do the neat search you did 15:11:22 <krotscheck> https://review.openstack.org/#/c/91675/ 15:11:26 <NikitaKonovalov> btw, new gerrit is good at autocompleting some fields for search 15:11:27 <krotscheck> https://review.openstack.org/#/c/91693/ 15:11:30 <krotscheck> There we go 15:12:12 <krotscheck> #topic Ongoing Work: Dashboard 15:12:21 <krotscheck> So, I’ve added the ability to filter by assignee_id. 15:12:36 <krotscheck> #link https://review.openstack.org/#/c/91912/ 15:12:44 <krotscheck> The next step there will be to surface that in the dashboard. 15:12:57 <SergeyLukjanov> folks, I'm sorry, need to go to office now 15:12:59 <krotscheck> It’s simple, but it’ll put something nice on the home page. 15:13:02 <krotscheck> SergeyLukjanov: No worries 15:13:18 <krotscheck> My question to the group is: Should the UI show Stories, Tasks, both? 15:13:27 <krotscheck> Also, what should the dashboard show when you’re not logged in? 15:13:59 <gothicmindfood> is there a way to show tasks discretely or generally, but stories more explicitly? 15:14:52 <krotscheck> gothicmindfood: I’m not certain I understand. 15:15:06 <gothicmindfood> krotscheck: me neither 15:15:12 <krotscheck> Right 15:15:24 <krotscheck> Ok, so how about I do a first UX pass at that to see what people think and then go from there. 15:15:45 <gothicmindfood> but I was just thinking about the question as a matter of prioritizing visibility of one over the other.. 15:15:57 <gothicmindfood> krotscheck: sounds good :) 15:15:59 <krotscheck> gothicmindfood: And maybe we’ll use that as one of our test cases at the summit :) 15:16:09 <gothicmindfood> krotscheck: yay! :) 15:16:12 <krotscheck> gothicmindfood: I’m thinking that if you’re not logge din, stories are probably more valuable. 15:16:13 <ruhe> i personally would like to see a project description as a default page. something similar to current launchpad.net/{OPENSTACK_PROJECT} 15:17:29 <krotscheck> ruhe: Is this for projects or for the default index? 15:18:31 <ruhe> krotscheck: https://storyboard.openstack.org/#!/project/456/overview to look like https://launchpad.net/sahara 15:18:42 <krotscheck> ruhe: Got it, so more project base. 15:19:09 <krotscheck> #action krotscheck Create task to UX-review Project Detail page, make it look like Launchpad Project Detail: https://storyboard.openstack.org/#!/project/456/overview to look like https://launchpad.net/sahara 15:19:22 <krotscheck> Back to the root dashboard. 15:19:37 <krotscheck> #action krotscheck Quick UX pass for logged in / not logged in home page. 15:19:57 <krotscheck> #topic Ongoing Work: Task Authors 15:20:08 <krotscheck> Urm, actually, this is from last weeks agenda and I think it just totally fell off my radar. 15:20:16 <krotscheck> So, no progress. 15:20:28 <krotscheck> NikitaKonovalov, want to take over? 15:20:38 <NikitaKonovalov> Tasks have their authors, there is nothing to say 15:20:56 <krotscheck> Don’t we need to show that in the UI? 15:20:56 <NikitaKonovalov> There is something to say about Project Groups and Teams 15:21:01 <krotscheck> Right 15:21:03 <krotscheck> Let’s do that 15:21:09 <krotscheck> #topic Ongoing Work: Project Groups 15:21:16 <krotscheck> What’s up> 15:21:55 <NikitaKonovalov> The Project Group controller is on review 15:22:14 <NikitaKonovalov> I've noticed a comment from ruhe, so I'll add docs on that 15:23:20 <NikitaKonovalov> The strange thing I found about pecan while doing this is that it's routing different types of requests in defferent ways 15:23:21 <krotscheck> Yeah, sorry, I’ve been mulling over your response to my comments. 15:23:35 <NikitaKonovalov> I mean somehow GETs and POSTs work 15:23:42 <krotscheck> But PUT and DELETE doesn't. 15:23:44 <NikitaKonovalov> but PUT is always 404 15:23:48 <krotscheck> Have you asked on #pecanpy? 15:23:55 <NikitaKonovalov> not yet 15:24:00 <NikitaKonovalov> (we had hollidays) 15:24:05 <ryanpetrello> ask away :) 15:24:08 <ryanpetrello> I’m hanging out over there 15:24:14 <NikitaKonovalov> willdo 15:24:14 <krotscheck> Indeed, and you’ve got more holidays soon, correct? 15:24:39 <NikitaKonovalov> Friday this week is a holiday 15:24:49 <krotscheck> Right, and next week is the Summit. 15:25:07 <krotscheck> And this week is openstack vacation week. 15:25:26 <NikitaKonovalov> I'll try to complete Project Groups this week 15:25:34 <krotscheck> NikitaKonovalov: Alright. 15:25:45 <krotscheck> #topic Ongoing Work: Teams 15:25:49 <krotscheck> What about teams? 15:25:58 <NikitaKonovalov> As for the Teams API it's pretty much the same 15:26:05 <NikitaKonovalov> as Project Groups 15:26:18 <krotscheck> Right 15:26:20 <NikitaKonovalov> so I work on both of them in parallel 15:26:51 <krotscheck> Alright. I’ll see what I can do about putting together a UI that’ll make those things available so people can start bitching about them. 15:27:07 <krotscheck> #action krotscheck UI/UX pass for basic team/project group management 15:27:39 <krotscheck> (Incidentally, if I’m moving between topics too quickly, please yell at me.) 15:27:53 <krotscheck> #topic Future Work: Oauth Is Not Secure Interwebz Pannik!!1!11 15:28:19 <krotscheck> There was a bit of an internet kerfluffle recently int he wake of Heartbleed that basically said “OAuth is not secure OMGOMG!" 15:28:48 <krotscheck> From what I gather, it’s a cross domain redirect issue caused by shitty client implementations. I haven’t dug into it much more than that. 15:29:06 <krotscheck> #link http://it.slashdot.org/story/14/05/02/2015227/nasty-security-flaw-in-oauth-openid 15:30:06 <krotscheck> I’d like someone (I’m starting to feel a bit overloaded) to dig into this a bit more and explain to us what’s going on. 15:30:12 <krotscheck> And how to fix it for Storyboard 15:30:16 <krotscheck> (Assuming we can) 15:30:27 <krotscheck> Any volunteers? 15:30:38 <krotscheck> (Doesn’t have to happen immediately, just needs to happen soon) 15:31:39 <krotscheck> Alright, we’ll leave that as an open ask. 15:31:53 <krotscheck> #task krotscheck Add story to capture OAuth security concerns. 15:32:19 <krotscheck> #topic Future Work: User Admin * OAuth Key Management (For API Consumers) 15:32:52 <krotscheck> We need a way for a superadmin to A) create users (ex: jenkins), and B) Issue persistent API keys for that user. 15:34:16 <krotscheck> We don’t have a story yet, but I feel that’s going to come up as an infra ask fairly soon, given that nibalizer’s working on building a jenkins client. 15:34:18 <krotscheck> So 15:34:23 <NikitaKonovalov> krotscheck: what do you mean by persistent? 15:34:36 <krotscheck> NikitaKonovalov: No expiration date. 15:34:49 <krotscheck> NikitaKonovalov: Something that Infra can drop into hiera and feed to a config file via puppet. 15:35:17 <NikitaKonovalov> krotscheck: now I see 15:35:34 <krotscheck> So my question there is: Do we just let people issue a key with no expiration date, or do we let them issue a key, but ALSO implement refresh tokens. 15:35:48 <krotscheck> So that eventually, the OAuth token is completely unknown to anyone but the API 15:36:01 <krotscheck> I prefer the latter, but that’s a bigger ask. 15:36:31 <NikitaKonovalov> We will need refresh tokens sooner or later 15:37:10 <NikitaKonovalov> so do we need to hack expiration for some corner cases 15:37:50 <krotscheck> Good question. 15:38:26 <krotscheck> So how about we try to come up with the crazy amazing design that we want, as well as the simplest possible implementation, and then see if we can plot a path between the two? 15:40:06 <krotscheck> Hrm. Ok, let’s punt this to design discussion instead. We need to think about this a bit more. 15:40:19 <NikitaKonovalov> I can start making a draft of a refresh_token endpoint and see how it goes 15:40:26 <krotscheck> Go for it. 15:40:38 <krotscheck> #action NikitaKonovalov Start a draft for Refresh Token endpoint. 15:40:50 <krotscheck> #topic Future Work: Event Subscription 15:41:03 <krotscheck> Is this something we care about? This was a crazy idea I had. 15:41:06 <krotscheck> Actually 15:41:12 <krotscheck> Nevermind. Crazy ideas need to be in miscellaneous. 15:41:20 <krotscheck> Any other future work? 15:41:25 <krotscheck> #topic Future Work: Other 15:42:16 <krotscheck> NikitaKonovalov, gothicmindfood Anything else under “Future Work"? 15:42:43 <NikitaKonovalov> There is a change with some fixes to last_path controller in UI https://review.openstack.org/#/c/92090/ 15:42:51 <NikitaKonovalov> reviewers are welcome 15:43:14 <krotscheck> #action krotscheck Review https://review.openstack.org/#/c/92090/ 15:43:18 <krotscheck> Cool 15:43:30 <krotscheck> #topic Summit: Storyboard Session 15:43:47 <krotscheck> ttx has a session! Is there anything you need from us for the content of that session? 15:44:59 <krotscheck> Ok, silence from ttx. 15:45:08 <krotscheck> #topic Summit: UX Testing 15:45:15 <krotscheck> gothicmindfood: The floor is yours 15:47:08 <krotscheck> And silence from her as well. 15:47:34 <krotscheck> Ok, so gothicmindfood and I are going to spend some time while we’re at the summit grabbing random people and exposing them to storyboard. 15:47:55 <krotscheck> We’ve got two things we’re going to do: One is actual user recording of storyboard usage, given a basic set of tasks to complete. 15:48:02 <krotscheck> This will give us an idea of where the UI falls down. 15:48:25 <krotscheck> To facilitate this, I’ve set up a storyboard dev instance here: https://15.125.123.224/#!/ 15:48:43 <krotscheck> It’s not the fastest in the world, but it works. 15:49:19 <krotscheck> The other UX test is going to be more along the lines of paper testing, where we’re preparing some UX mockups which we’ll print out and walk people through while we’re there. 15:49:54 <krotscheck> At the moment I believe we’ve got Tag-Based searching (See Invision mock) and the dashboard. 15:50:16 <krotscheck> Mocks will be up on Invision today (hopefully) so that the team can review them and we can iterate a few times before presenting it to people. 15:50:46 <krotscheck> #topic Open Discussion 15:50:50 * NikitaKonovalov is waiting to see results 15:50:53 <krotscheck> Anything for open discussion? 15:51:34 <krotscheck> Next weeks meeting: Should we have it? 15:52:11 <NikitaKonovalov> if it's a summit week, no reason for a meeting I guess 15:52:16 <krotscheck> I don’t have any sessions during that time, so I don’t mind showing up. 15:52:25 <krotscheck> But let’s keep it informal with no agenda or anything. 15:52:59 <NikitaKonovalov> krotscheck: works for me 15:53:02 <krotscheck> Alrightey. 15:53:11 <krotscheck> I think that’s it. 15:53:52 <krotscheck> #endmeeting