#openstack-keystone log

15:00:28 <d34dh0r53> #startmeeting keystone
15:00:28 <opendevmeet> Meeting started Tue May 31 15:00:28 2022 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:28 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:28 <opendevmeet> The meeting name has been set to 'keystone'
15:00:39 <d34dh0r53> #topic Roll Call
15:01:08 <d34dh0r53> courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek
15:01:34 <d34dh0r53> #topic Review past meeting work items
15:02:23 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone_weekly_meeting/2022/keystone_weekly_meeting.2022-05-24-15.04.html
15:03:26 <d34dh0r53> I had an action item to discuss with dmendiza[m] the meeting during the summit.
15:03:56 <d34dh0r53> I was not able to connect with Doug, so we'll have to talk about it in Berlin.  We'll update you here about the status of the meeting
15:04:17 <d34dh0r53> #action d34dh0r53 talk to dmendiza[m] about next weeks meeting
15:04:31 <d34dh0r53> #topic Specifications
15:04:39 <d34dh0r53> OAuth 2.0
15:04:45 <h-asahina> o/
15:04:48 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:05:04 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:05:34 <h-asahina> Zuul is still in progress...
15:05:39 <d34dh0r53> h-asahina: I see you submitted the additional specification for Mutual-TLS support
15:06:16 <h-asahina> yes and I've just fixed tox which failed building recently
15:06:58 <h-asahina> Also, I've submitted the bug report regarding this problem of tox
15:07:14 <h-asahina> I'll submit the patch to fix it separately later.
15:07:24 <d34dh0r53> h-asahina: excellent, thank you
15:07:32 <h-asahina> :)
15:07:49 <h-asahina> I'd like to explain the contents of the spec now. is it ok?
15:08:02 <d34dh0r53> h-asahina: yes, that is fine
15:08:15 <h-asahina> thanks
15:08:59 <h-asahina> I'll briefly explain the background of this spec as we have changed the contents from the BP.
15:09:27 <h-asahina> Actually, we have to change our contents for Zed release as our priority has been changed.
15:10:18 <h-asahina> As I explained before, I came from OpenStack Tacker project that try to make Virtual Network Function Manager supporint the famous standard in that area called ETSI NFV SOL.
15:10:48 <h-asahina> and that's why we need to meet the latest standard
15:11:55 <h-asahina> In the latest SOL013, which define the common API specification for NFV components (including VNFM), forces the components to use OAuth2.0 mutual TLS, i.e., RFC8705.
15:12:02 <h-asahina> https://datatracker.ietf.org/doc/html/rfc8705
15:12:37 <h-asahina> To meets this requirement, we'd like to implement RFC8705 to Keystone, KeystoneMiddleware and keystoneauth.
15:13:07 <h-asahina> Changes to do it includes the contents of BP but also includes several new parts like adding APIs.
15:13:35 <h-asahina> So, I'd like to hear the feasibility of this proposal from Keystone core.
15:14:24 <h-asahina> I note that this changes will not reduce the security level by the way.
15:15:26 <h-asahina> Could you tell me your opinion?
15:17:17 <d34dh0r53> h-asahina: The specification you've provided looks good, but I am not qualified to fully give an opinion at this time.
15:17:52 <d34dh0r53> h-asahina: I will bring this up as an item for discussion with dmendiza[m] and knikolla at the Summit next week.  Are you going to be there?
15:18:27 <h-asahina> unfortunately, I'm not
15:19:16 <d34dh0r53> h-asahina: ok
15:20:19 <d34dh0r53> #action d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst
15:20:30 <h-asahina> so, plese give me comments on the spec. I'll check and reply it.
15:21:04 <d34dh0r53> h-asahina: yes, we will and hopefully time will permit us to hold the weekly meeting so we can discuss further
15:21:31 <h-asahina> good
15:21:33 <d34dh0r53> thank you h-asahina!
15:21:39 <d34dh0r53> moving on to Secure RBAC
15:21:40 <h-asahina> thank you too!
15:21:51 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:22:32 <d34dh0r53> I don't have any updates for Secure RBAC
15:23:10 <d34dh0r53> next up: Gate inherited assignments from parent (bbobrov)
15:23:14 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/334364
15:25:04 <d34dh0r53> we will review this at the summit as well as it's been updated recently
15:25:18 <d34dh0r53> bbobrov: do you have anything you'd like to add?
15:26:12 <d34dh0r53> #action d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364
15:27:51 <d34dh0r53> #topic public discussion
15:28:20 <d34dh0r53> I need to ask dmendiza[m] about bandit and building from git
15:28:37 <d34dh0r53> #action d34dh0r53 ask dmendiza[m] about this bandit line in the agenda
15:28:49 <d34dh0r53> anything else?
15:29:46 <d34dh0r53> ok, moving on
15:29:58 <opendevreview> Alexandre arents proposed openstack/keystone master: Federation: add support for projects_json assertion  https://review.opendev.org/c/openstack/keystone/+/844098
15:30:05 <d34dh0r53> #topic bug review
15:30:16 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:30:35 <d34dh0r53> looks like one new keystone bug: https://bugs.launchpad.net/keystone/+bug/1976387
15:30:52 <d34dh0r53> this was from h-asahina and a fix is forthcoming
15:31:10 <h-asahina> yes
15:31:15 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:31:26 <d34dh0r53> no new python-keystoneclient bugs
15:31:42 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:31:49 <d34dh0r53> no new keystoneauth bugs
15:32:08 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:32:22 <d34dh0r53> no new keystomemiddleware bugs
15:32:39 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:32:44 <d34dh0r53> no new pycadf bugs
15:33:01 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:33:09 <d34dh0r53> and, no new ldappool bugs
15:33:25 <d34dh0r53> #topic open floor
15:33:35 <d34dh0r53> Does anyone have anything else for this week?
15:34:25 <d34dh0r53> Reminder than the OpenInfra Summit is next week in Berlin, I'm looking forward to meeting and seeing those who can make it
15:35:18 <d34dh0r53> Another reminder that we'll be having another reviewathon at 15:00 UTC this Friday.  Please let me know if you'd like to be included and I can send you the invite.
15:38:15 <d34dh0r53> Thanks everyone!
15:38:20 <d34dh0r53> #endmeeting