18:02:03 #startmeeting keystone 18:02:04 Meeting started Tue Apr 21 18:02:03 2015 UTC and is due to finish in 60 minutes. The chair is stevemar. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:02:06 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 18:02:08 The meeting name has been set to 'keystone' 18:02:14 linky link: https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting 18:02:28 #link https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting 18:02:38 thanks bknudson :P 18:02:48 meetbot doesn't get linky link yet, I don't think. 18:02:55 #topic Meeting schedule 18:02:59 stevemar, you going to do the vote to see which irc nicks we can cull? 18:03:07 #undo 18:03:07 Removing item from minutes: 18:03:18 #topic Rollcall 18:03:21 don't put me on the roll call list. I've got a meeting invite anyways. 18:03:26 #vote yes! 18:03:38 oops jump the gun there 18:03:47 #startvote Rollcall? here 18:03:48 Begin voting on: Rollcall? Valid vote options are here. 18:03:49 Vote using '#vote OPTION'. Only your last vote counts. 18:03:55 #vote here 18:03:56 #vote here 18:03:57 #vote abstain 18:03:58 bknudson: abstain is not a valid option. Valid options are here. 18:03:59 #vote here 18:04:00 #vote here 18:04:00 #vote here 18:04:01 #vote here 18:04:04 #vote here 18:04:05 #vote here 18:04:05 #vote here 18:04:07 #vote here 18:04:08 #vote here 18:04:09 #vote here 18:04:12 #vote here 18:04:18 #vote here 18:04:34 10 more seconds.... 18:04:39 hmm 18:04:46 #vote here 18:04:50 #vote here 18:04:52 quickly jamielennox ! 18:04:54 #vote here 18:04:59 #vote here 18:04:59 #vote hiding-from-stevemar 18:05:00 morganfainberg: hiding-from-stevemar is not a valid option. Valid options are here. 18:05:17 #endvote 18:05:18 Voted on "Rollcall?" Results are 18:05:19 here (18): rodrigods, gyee, dstanek, ayoung, morganfainberg, lhcheng, dolphm, davechen, marekd, david8hu, samueldmq, ericksonsantos, amakarov_, htruta, jamielennox, rharwood, raildo, stevemar 18:05:30 ahhh. damn 18:05:33 I missed it 18:05:35 alright, we should have a new rollcall list 18:05:40 don't worry lbragstad i got your back 18:05:50 thanks stevemar! 18:05:56 #topic Meeting schedule. 18:05:56 it's a union of the first three meeitngs of the cycle fwiw 18:05:59 so... 18:06:05 is everyone still good with this time? 18:06:18 this is the time to change it if we aren't good with this time. 18:06:21 works for me. 18:06:21 ++ 18:06:28 stevemar: whos is not essentially us-based now? 18:06:42 I only have to put up with it until dst ends. 18:06:49 henry-nash? 18:06:51 bknudson, lol 18:06:57 me, henry, jamielennox 18:07:08 rodrigods is not US. 18:07:19 neither are me and raildo 18:07:21 morganfainberg: he is 'close to US-time zone' i think :-) 18:07:25 lol 18:07:26 but it's close 18:07:28 yea, later is always good - but it can't be any earlier for me 18:07:29 marekd, yep 18:07:38 later works for me. 18:07:45 mareked: I am not in the US, but I am fine with it. 18:07:47 later would be fine for me too 18:07:50 I guess henrynash would not like later. 18:07:54 i think later not so good for the EU though 18:07:55 we could push this later but it might be bad for marekd and Henrynash 18:07:56 and marekd 18:07:58 meeting starts at 9pm for me and breton 18:08:03 davechen: what time is it now? 18:08:16 marekd: 2 AM here. 18:08:16 2am for davechen ? 18:08:25 I am fine so as long as it is between 9am - 5pm PST 18:08:25 an hour or two later works for me, but i like to have time left in the day after the meeting 18:08:26 davechen, wow, serious trooper! :) 18:08:27 several teams have 2 meeting times and switch off. 18:08:29 davechen: :O - damn 18:08:33 here is 3 PM, earlier and later is good 18:08:40 bknudson, i'd like to avoid that unless we really really benefit from it. 18:08:49 bknudson, but if we have a diverse enough group we could do that 18:08:52 Gonna be painful for someone no matter when we hold it 18:08:59 ayoung, yep 18:09:05 stevemar: ok, so i think it's impossible to make it 'not to early (jamielennox would suffer)' and 'not too late (davechen will be angry)' 18:09:07 keep it steady if no drive to change 18:09:08 I don't think we know what we're missing since people don't show up if they're asleep. 18:09:18 lets keep it where it is for now, and discuss if we want to alternate at the summit 18:09:22 ++ 18:09:27 morganfainberg: 18:09:27 i'm ok with where it is now 18:09:39 ok 18:09:59 and if we want to, we'll find a slot and do alternating times or similar. 18:10:05 yep 18:10:19 ++ 18:10:25 onto next topic... 18:10:36 #topic Liberty Priorities 18:10:51 morganfainberg, i think you have the floor, if you can type on phone fast enough 18:10:57 #link https://etherpad.openstack.org/p/keystone-liberty-priority-specs 18:11:01 we have this etherpad 18:11:12 morganfainberg is fast on the phone. 18:11:23 Apple (R) 18:11:26 bknudson, i got back home. 18:11:41 bknudson, i was walking back from breakfast. but just sat down. 18:11:52 anyway. etherpad, that is the general gist of what we're looking at 18:11:56 i think we want to keep the amount of "new" features fairly small for liberty? 18:11:59 yes. 18:12:11 our target is 5 "new" (read: api impacting) features 18:12:23 quality instead of quantity! 18:12:30 gyee, that's the goal anyway 18:12:31 things like "refactor for stable ABIs" while feature-like, is not something i classify as a "new" feature 18:12:45 morganfainberg, can anyone add ideas in there? 18:12:48 samueldmq, yes 18:12:55 if your paycheck is depending on statanalytics that might be sad though :) 18:12:55 stevemar: morganfainberg: don't worry, i will come up with something federation-related sooner or later :-) 18:13:03 morganfainberg, nice, thx 18:13:13 so, this week please check the list. please put your name with +/- vote for the various things 18:13:22 Federation should be core 18:13:25 feel free to use 18:13:32 '++' for high priority 18:13:36 gyee: if your paycheck depends on that you may want to find a new place to work :-) 18:13:56 satanalytics hehe 18:13:56 next week we will cull this down and look to see what features have Specs proposed/pending for backlog 18:14:08 and determine what we're going to focus on 18:14:27 did we want to discuss any of the items here now? 18:14:40 stevemar, lets circle up at the end and discuss specifics then 18:14:46 stevemar, so we can get through the rest of the schedule 18:14:46 alright 18:14:53 also table the summit bits 18:15:12 morgabra, skip to Midcycle update ? 18:15:16 stevemar, yep 18:15:20 #topic Midcycle update 18:15:26 that's a while away, but alright 18:15:34 Since we had an overwhelming majorty wanting a midcycle 18:15:48 we are going to do one. I will send an email to the list this week or next. 18:15:53 confirming some details. 18:15:55 let's have it someplace boring then nobody will want a midcycle. 18:15:59 ayoung, has some info for us. 18:16:08 OK...so here is my working assumptions 18:16:10 bknudson: you can come to Cleveland then :-) 18:16:16 cleveland rocks! 18:16:18 dstanek, i was thinking needles CA 18:16:18 people want to have it in Boston...but not in Westford. 18:16:23 This sound about right? 18:16:40 Westford wouldn't be awful either if Boston isn't doable. 18:16:40 i liked the cambridge idea someone had 18:16:52 If we do Westford, RH can easily host etc. 18:16:59 nova is having midcycle here in rochester. 18:17:12 if we have space, anywhere in that area would be good. 18:17:13 Cambridge and Boston are pretty interchagnnable. i was looking in to Boston University...the MOC folks are willing to help out 18:17:15 Levi's Standium in Santa Clara smells like a brand new car 18:17:19 i would love someplace drivable! 18:17:22 ayoung, BU would be awesome. 18:17:22 bknudson: about time :) 18:17:25 its a good location, and neutral company wise. 18:17:50 There are hotels along the river ,adn with Summer time, the schools should be out, and prices a little lower 18:18:14 I chatted quickly with the HP rep at the Boston OpenStack meetup, as well as Dell, and both are willing to helpout somewhat 18:18:14 i will also work to find out if we can do a hotel block. 18:18:49 I'll drive forward with this if I get a thumbs up from the team? 18:18:58 https://www.google.com/maps/place/Boston+University:+Physics+Department/@42.348381,-71.100336,15z/data=!4m2!3m1!1s0x0:0xbbd229e8b6463759?sa=X&ei=f5Q2Vf8pidqwBILWgNgB&ved=0CHcQ_BIwDQ 18:19:00 * morganfainberg likes the BU idea. 18:19:04 roughly the location 18:19:07 I'm not picky. 18:19:12 same 18:19:30 ayoung, you sure you dont want it in the Bahamas? 18:19:39 david8hu, this way I don't have to travel 18:19:45 BU sounds great 18:19:47 I live two towns over 18:20:09 anyone against BU as a target? 18:20:20 ayoung, we don't have a release schedule yet... 18:20:38 looks like there's some hotels in the vacinity. 18:20:50 right and yes 18:21:03 bknudson, I'd probably target the one right across the river: 18:21:12 Hyatt Regency Cambridge 18:21:14 I need to swim? 18:21:26 but we'll do the due 18:21:35 bknudson, in the Charles? 18:21:40 I'll join the rowing team 18:21:54 Its very walkable. BU bridge is right there 18:21:55 david8hu, maybe one day: http://www.bahamaslocal.com/showlisting/5965/IBM_Bahamas_Limited.html 18:22:17 it's right near fenway. 18:22:21 yep 18:22:27 stevemar, thinking about taking the disney cruise there ;) 18:22:29 boston is a good call for the summer midcycle 18:22:37 anyone have the proposed release schedule yet? 18:22:42 erm. thread link 18:22:45 * morganfainberg can't find it. 18:22:52 not so much for the january one 18:23:03 OK...I'll follow up. 18:23:03 didn't even know it was a thread yet 18:23:08 aha 18:23:10 iberty-1: June 25th 18:23:10 liberty-2: July 30th 18:23:11 liberty-3: September 3rd 18:23:12 final release: October 15th 18:23:30 ok so, ayoung, assume that is our schedule [tenative] 18:23:34 no one has complained yet about it 18:23:35 If it is the week of 7/20 unfortunatley those are all way games for the Red Sox 18:23:55 prev/next are home games 18:24:10 you guys stole the Panda! 18:24:14 ayoung, historically we'd do July 10th week 18:24:20 ayoung, 2 wks till milestone-2 18:24:27 Poor SF Giant Panda 18:24:28 2wks after midcycle. 18:24:36 i just don't want it to be aug 1-3 (PyOhio and all) 18:24:41 morganfainberg, so look into July 8-10? 18:24:44 erm 18:24:45 sorry 18:24:55 13-17 18:25:00 somewhere in there 18:25:04 its the 4th of July weekedn...people might be taking vacation 18:25:17 yeah lets not do jul4-timeframe 18:25:23 the week of 13-17 18:25:35 if we're aiming for pre-m2 18:25:42 so either 13-15 or 15-17? 18:25:45 the sooner the better i think. 18:25:48 or we could push to post m2 18:25:57 are we thinking the same deal Mon-Wed of a given week? 18:26:03 and use it as a hack-fest to test features and hack-a-way at bugs. 18:26:10 Sunday is the Yankees Game...ticks are already sold out 18:26:10 and non-API impacting "new things" 18:26:28 post m2 sounds good as we'll be discussing spec for the M release anyway 18:26:32 specs 18:26:51 if we go beyond m2, we need to commit to being able to land features w/o the midcycle 18:26:53 i think we can do it 18:27:02 a few weeks before m2 cuts is ideal in my mind 18:27:08 like a week or two 18:27:31 ayoung, so lets aim for wk of july 17, alternate wk of jul 30 [milestone 2 cut week] 18:27:37 Got it 18:28:03 wk of 17th is preferable, but if we can't make it work, due to Jul 4, etc, we need to go later 18:28:10 it the week of July 30 try to make it early in the week 18:28:15 dstanek, ++ 18:28:35 dstanek, 27-29 Jul? 18:28:45 i may be speaking at PyOhio so I'll have to be there on the 31st 18:28:46 I turn 44 on the 18th 18:29:02 But that is a Saturday, so I'm safe 18:29:02 cake! 18:29:06 Cake 18:29:12 27-29 would probably be fine is the prior week doesn't work out 18:29:14 #action ayoung to look into midcycle at BU: week of july 17th (preferable) or week of july 30th (alternate) 18:29:18 this is like the meeting times all over again :P 18:29:25 Free meal at Denny's 18:29:31 ok i think we're good 18:29:32 ++ 18:29:46 when do you think we'll know for sure? i have until May 15 to submit a proposal; so i could just wait 18:29:51 My brother is a Bartender. I'll put him on restaurant recommendation duty 18:30:01 dstanek, before may if we're doing this. 18:30:08 coolio 18:30:08 i want this to be confirmed before the summit 18:30:37 i think we're all good for now 18:30:41 next. 18:30:44 #topic "Official Publications for Identity" 18:30:53 So infra does something awesome. 18:31:05 yeah, what's that actually? 18:31:05 they do everything awesome. 18:31:08 thats not news 18:31:12 http://docs.openstack.org/infra/publications/ 18:31:13 bknudson: ++ 18:31:15 #link http://docs.openstack.org/infra/publications/ 18:31:23 infra is awesome at being infra, duh! 18:31:44 well i mean it is infra! (cc jeblair, clarkb, mordred) They are awesome! 18:31:46 ok 18:31:47 so anyway 18:31:55 i like that they have clear official publications 18:32:16 looks like a bunch of ppts 18:32:17 so is all of infra ^ (not meaning to exclude people from that list). 18:32:21 stevemar, they are not ppts 18:32:22 they are html 18:32:38 so. we should consider making official publications part of keystone 18:32:44 is the source in git? 18:32:50 bknudson, in a git tree 18:33:00 isn't ayoung's younglogic the official publication for identity? :) 18:33:05 gyee, yes 18:33:09 that would be a great idea 18:33:22 I wish we'd spend more time on the admin guide. 18:33:31 bknudson, all docs need love 18:33:31 morganfainberg: so what kind of stuff can we put in there? 18:33:34 my only feedback was to be careful to avoid putting things there that should arguably go in keystone's documentation 18:33:35 morganfainberg: would it include some whitepaper-like or publications like ayoung blog or the one we have at cern? 18:33:35 gyee, mine is a programmers notebook...with all that implies 18:33:40 http://docs.openstack.org/admin-guide-cloud/content/ch-identity-mgmt-config.html is really pathetic. 18:33:47 lets publish them 18:34:03 I'd think it should be cleaned up post blog...my blog is a decent format, but the info is from "I did it once and it worked" type stuff 18:34:08 or "here is what I think we should do" 18:34:12 marekd, it looks most like... how-tos 18:34:13 lbragstad, the point is if you give a talk especially if it's relevant to how keystone is deployed/interesting beyond the basic docs 18:34:15 it should go there 18:34:23 so, we could take all of our blog posts as input, but then polish them...for example 18:34:27 ayoung, that is the idea, take the focus off "well this one time i did thing x" 18:34:36 another good example would be rodrigods' blog on k2k 18:34:43 http://dolphm.com/the-anatomy-of-openstack-keystone-token-formats/ 18:34:57 or presentations at conferences 18:34:58 I really like ayoung's use-case specific blogs, like if you want to do this, here are the steps 18:35:00 mull on this. 18:35:00 Or pretty much anything on dolph's blog, to include the food. 18:35:01 I'd rather read a blog than a ppt. 18:35:06 stevemar: #link http://openstack-in-production.blogspot.ch/ -it is more like 'sharing our experience', something you don't necesarilly find on official docs 18:35:14 unless the ppt has some really nice slide transitions. 18:35:22 bknudson, the idea is they'd be published at HTML, either slide-style or blog-style 18:35:25 they are publications 18:35:35 it should work in a browser 18:35:50 but they would be *our* official publications 18:35:59 another good example would be using session auth w/ middleware 18:36:00 jamielennox also publishes some nice posts 18:36:13 marekd, we really all should 18:36:15 or more in-depth session examples that don't belong in the sphix generated docs. 18:36:17 anyway 18:36:20 I've seen goosd things out of most of the team members 18:36:22 mull it over. 18:36:30 think on how it should look 18:36:36 goosd->gooses->geese? 18:36:45 marekd: ++ there are a couple nice client-side posts from jamielennox that would be good examples of a publication 18:36:46 i'd like to make this a reality in liberty 18:37:07 morganfainberg, so this is going to be a repo 18:37:11 we can publish it to an official openstack.org location (keystone docs, or work to do like infra does), however it's approached. 18:37:12 i think we need to figure out what to do about the admin guide 18:37:16 just like the specs repo? 18:37:17 gyee, it would be and reviewed 18:37:22 nice 18:37:28 morganfainberg: ok, so is there any plan for that? Somebody voluteers to gather publications-proposals and later filter the inappripriate ones? 18:37:31 btw, I have written one on 'domain specific backends on sql' 18:37:31 http://www.samueldmq.com/domain-specific-configuration-on-sql/ 18:37:34 :) 18:37:42 Hey, one last thing on the Midcycle, is the preferred range July 15-17 (Wed-Friday) 18:37:46 marekd, you'd propose the publication to the repo where it lives. 18:37:49 ayoung, yes. 18:37:53 Cool 18:37:53 ayoung, that works. 18:38:04 marekd, it would be reviewed. require 2x+2 / +A 18:38:10 marekd, just like a spec or code review 18:38:15 marekd, then it becomes an official publication 18:38:26 ayoung, I hope we all invited to your bday party :) 18:38:29 morganfainberg: makes sense! 18:38:31 morganfainberg: repo link ? 18:38:31 on the 18th 18:38:38 marekd, no repo exists yet 18:38:43 morganfainberg: ok. 18:38:47 morganfainberg: so what about maintaining them? 18:38:49 morganfainberg, how is infra doing it? 18:38:50 marekd, we can either do what infra does: per-branch publication in a seperate repo 18:39:08 or we can place them in our tree under sometihng /docs like but handled specifically for publications 18:39:11 morganfainberg: I imagine they will get out of date, so are we going to maintain them like standard keystone docs too? 18:39:18 lbragstad, it is on us to maintain them but look at the infra link 18:39:21 they have previous versions 18:39:25 :101 18:39:29 we can cycle things to older versions if they are tagged. 18:39:38 to a specific release etc 18:40:00 anyway just wanted to seed the idea 18:40:02 please think about it 18:40:05 lets move on. 18:40:09 lots to do 18:40:13 morganfainberg: imho, it's a good idea. 18:40:36 i have to bail to pick up my kid; i'll be watching on mobile though 18:40:42 there are some 'epic' publications here, floating around and used many times (like rodrigods blogspost about k2k) 18:41:00 ++ 18:41:02 that one's awesome 18:41:19 stevemar, next topic plz. 18:41:21 or jamielennox post about sessions. 18:41:27 #topic keystoneclient / keystonemiddleware stable releases 18:41:35 #link https://review.openstack.org/#/q/topic:bug/1411063,n,z 18:41:57 not much to it... we've got some security fixes in stable releases of clients / middleware 18:42:03 so was wondering about a release. 18:42:26 didn't we just released 1.6.0 18:42:34 bknudson, we're waiting for a fix from dhellmann 18:42:39 bknudson, so we don't break the world 18:42:41 this would be stable releases (e.g., 1.5.1 18:42:44 bknudson, when we release 18:42:46 morganfainberg: fix for what 18:42:51 jamielennox, uncapped libs. 18:42:58 jamielennox, or capped.. or something related to stable branches 18:43:01 that's in master, not stable. 18:43:09 bknudson, was talking to ttx about it today 18:43:12 morganfainberg, I just saw an email about middleware 1.6.0 release 18:43:18 ok, that saga is ongoing 18:43:21 that's the latest right? 18:43:30 bknudson, we are waiting until dhellmann for stable releases later this week. 18:43:39 we've got stable branches for clients and keystonemiddleware now 18:43:54 so we can release a fix for 1.5.0 18:43:54 bknudson, this was specifically for the stable branches. 18:43:54 oh, nevermind, we're talking about stable 18:44:01 gyee, yep 18:44:08 bknudson, but we will be doing stable releases this week. 18:44:16 dhellmann is currently spamming everyone :) 18:44:26 keystonemiddleware stable/juno is *almost* working. 18:44:38 I think the rest are working. 18:44:42 bknudson, thanks for chasing down all the ick on fixing those 18:44:46 bknudson, really appreciate it 18:45:02 having these stable branches should help out my team. 18:45:23 ok lets move to the next topic. 18:45:35 We should be producing Stable Branch RDO based RPMS for people than need to test them 18:45:50 as a note: we will review no-spec BPs in -keystone after this meeting 18:46:00 #topic Any needs to enfore unique constraint 18:46:08 davechen, dstanek ^ 18:46:19 I saw some comment from David about this bug (https://bugs.launchpad.net/keystone/+bug/1439928) 18:46:19 Launchpad bug 1439928 in Keystone "can create the same type and name of a service with v3 API" [Medium,Won't fix] - Assigned to huanghao (huang1hao) 18:46:35 can 18:46:36 and dolphm, so that may not b valid bug. 18:46:38 davechen, we can't make service.name unique 18:46:39 can't break it 18:46:44 it would break lots of deployments 18:46:45 we don't know how people are using it 18:46:55 we *could* make service.name + service.type unique 18:47:09 but it still leaves doors open to break people 18:47:13 yes, I want to know what you think about this bug 18:47:14 https://bugs.launchpad.net/keystone/+bug/1403408 18:47:14 Launchpad bug 1403408 in Keystone "Redundant endpoints found in the table "endpoint"" [Medium,Confirmed] - Assigned to Dave Chen (wei-d-chen) 18:47:16 I think this would be against the API stability guideline: https://wiki.openstack.org/wiki/APIChangeGuidelines 18:47:18 morganfainberg, i would think that still breaks people 18:47:28 stevemar, less likely, but possible. 18:47:29 looks like they are similar 18:47:46 this is a case of: sucks but we're stuck with it. 18:47:47 config option, maybe? 18:47:47 so we could change it but that would require opt-in. 18:48:10 ayoung, with a config option and enforced at the manager and/or driver layer? 18:48:13 sounds icky to me. 18:48:16 yep 18:48:22 ickissimo 18:48:24 ++ on the ickyness 18:48:27 wouldn't be thread-safe. 18:48:32 multiprocess-safe 18:48:33 your config option would need to detect if it was an upgrade or a new install 18:48:34 bknudson, at the driver layer we could do it. 18:48:42 bknudson, with optimistic locking style... but still ick 18:48:52 we just need to document this limitation i think 18:49:01 and say "sorry wont fix" across the board 18:49:11 with microversions and/or V4 API we can fix. 18:49:15 is it really a problem? 18:49:15 but not until then. 18:49:22 ayoung, not really 18:49:25 ayoung, the non-unique name+type is a ux complaint 18:49:26 k 18:49:32 I keep doing this and it hurts. 18:49:51 yea, it creates weird catalogs too 18:50:12 in the real word, adding a new service is a workflow 18:50:12 we can definitely fix it for v4 or microversions 18:50:13 document it is good idea. Shall we also document it about the "endponts"? 18:50:52 davechen, yeah lets add clear warnings/documentation 18:50:55 looks like endpoint_group also miss unique contraint. 18:51:04 ten minutes left, next topic 18:51:08 davechen, endpoint_group is a slightly different deal 18:51:11 anyway next topic. 18:51:20 stevemar, back to liberty priorities 18:51:23 k 18:51:27 if any are meant to be discussed 18:51:34 #topic Liberty Priorities part duex 18:51:39 #link https://etherpad.openstack.org/p/keystone-liberty-priority-specs 18:51:59 #info please review https://etherpad.openstack.org/p/Keystone-liberty-summit-brainstorm and +/- with name for support of discussion at the summit (fishbowl sessions) 18:52:02 I need to catch ayoung about a generic way to do tokenless 18:52:06 maybe after lunch 18:52:09 gyee, sure 18:52:15 gyee, I think it is really close 18:52:21 anyone have any strong feelings towards the proposed specs? 18:52:33 ayoung, I do want to think about other mechanisms like kerberos 18:52:42 kerberos is on a lot of folks mind 18:52:42 please propose specs to the backlog for things you'd like to see in liberty. 18:53:02 i don't think domain config improvements counts as a spec? 18:53:11 gyee: some bits in the mapping engine were missing to make it happen, remember which ones? 18:53:18 stevemar, it's a spec, API impacting, but not one of the 5 features 18:53:19 : 18:53:26 stevemar, it's a need to make domain-sql "stable" 18:53:28 marekd, I think we're all good 18:53:30 what are the expectations for approving for backlog? is it the same for approving for L? 18:53:35 the mapping has all we needed 18:53:38 morganfainberg, ah okay 18:53:41 bknudson, approved to backlog is "good idea and we want it" 18:53:42 or do we not need all the details for a backlog spec? 18:53:51 bknudson, approved to L is "full spec, all details hashed out" 18:54:02 bknudson, backlog means anyone can pick it up and run with it 18:54:05 morganfainberg, we should sub-divide that list to 'new features' vs 'minor features' ... maybe 18:54:08 bknudson, we know we like the idea. 18:54:23 stevemar, sounds good, most "minor" things are tagged in the etherpad with (minor) 18:54:35 so they are... 18:54:41 bknudson, but it might need more fleshing out before we approve for a specific release. 18:54:48 dual scoped tokens? 18:54:54 whats that about? 18:54:54 whahhh?! 18:54:56 bknudson, example is the one i just proposed, it has a TBD for the API spec. 18:55:02 ok, I'll use those criteria. 18:55:02 stevemar, domain+project = same thing 18:55:04 stevemar, dual scope? 18:55:24 hmph, okay... 18:55:34 can we not call that dual-scoped 18:55:41 yeah 18:55:46 bknudson, my goal with the backlog is to flush out bad ideas, and have a store of good ideas for when people say "hey i want to contribute what can i work on" 18:55:57 sounds like it was going to be scoped to two projects or some nonsense 18:56:09 jamielennox, yeah dual-scope is bad name 18:56:28 Can I scope one token to 2 keystones? 18:56:42 bknudson, you're welcome to try 18:56:50 bknudson, yes, its called federation 18:57:00 reseller, tokenless auth, dynamic policy, already at 3/5 major new features 18:57:13 bknudson, with fernet, possible 18:57:15 what's about tokenless auth? 18:57:25 sounds kickass'y 18:57:27 bknudson, but the assignment data would need to be synchronised 18:57:42 marekd, kickassess'y 18:57:55 marekd, its for servcie users, so they don't need to go, get a token, and then perform the operation. Its dumb to get a token to validate a token. 18:58:08 ayoung, also for getting a token i would support 18:58:12 ayoung, we can do that for horizon too, in theory 18:58:19 ayoung, generally supporting client-certs or alternatives for any keystone action. 18:58:34 Horizon shouldn't need it. But no reason to limit who can use it 18:58:35 ayoung, but i don't want to make middleware have to figure all that out for a user. 18:58:35 marekd, it was bumped from L the spec is avail in backlog 18:58:50 MFA / trusted devices would be cool 18:59:28 any last remarks? 18:59:29 trusted devices for what? 18:59:46 bknudson, things to provide you pin numbers for MFA 18:59:47 should be using barbican. 18:59:49 bknudson, "trusted browser" don't ask me for MFA token again for 30mins 18:59:50 i assume 19:00:04 stevemar, time 19:00:08 #endmeeting