15:04:18 <dmendiza[m]> #startmeeting keystone
15:04:18 <opendevmeet> Meeting started Tue Jun 14 15:04:18 2022 UTC and is due to finish in 60 minutes.  The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:18 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:04:18 <opendevmeet> The meeting name has been set to 'keystone'
15:04:45 <dmendiza[m]> #topic Roll Call
15:05:15 <dmendiza[m]> Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek
15:05:32 <xek> o/
15:05:41 <h_asahina> o/
15:05:47 <knikolla> o/
15:05:56 <dmendiza[m]> Hi y'all!
15:06:09 <dmendiza[m]> Let's get started
15:06:19 <dmendiza[m]> #topic Review Last Meeting Action Items
15:06:38 <dmendiza[m]> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-05-31-15.00.html
15:07:22 <dmendiza[m]> There was a few
15:07:25 <dmendiza[m]> > d34dh0r53 talk to dmendiza[m] about next weeks meeting
15:07:37 <dmendiza[m]> I assume this was about whether or not we were going to meet last week
15:07:44 <dmendiza[m]> So, no. :)
15:07:58 <dmendiza[m]> With most folks at the summit, I figured we'd skip the meeting.
15:08:21 <dmendiza[m]> > d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst
15:09:43 <dmendiza[m]> I probably should've looked at meeting logs
15:09:56 <dmendiza[m]> so I just learned about this.
15:10:03 <dmendiza[m]> We'll add it to the agenda to review specs
15:10:52 <dmendiza[m]> > d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364
15:11:53 <knikolla> i've cleared up a lot from my calendar today so i can catch up on reviews :/
15:15:40 <dmendiza[m]> Cool
15:16:30 <dmendiza[m]> I'll add this spec to the spec reviews as well
15:17:17 <dmendiza[m]> and the last action item
15:17:20 <dmendiza[m]> > d34dh0r53 ask dmendiza[m] about this bandit line in the agenda
15:17:58 <dmendiza[m]> >     bandit seems to be broken, cannot build keystone from git
15:18:17 <dmendiza[m]> I think that's what d34dh0r53 was talking about
15:18:55 <dmendiza[m]> I think admiyo was talking about not being able to run bandit from a fresh clone
15:19:02 <dmendiza[m]> I can try to do that and see how it goes
15:19:38 <dmendiza[m]> #action dmendiza[m] to try to run keystone from a fresh clone
15:19:50 <dmendiza[m]> #topic Liaison Updates
15:19:58 <dmendiza[m]> I don't have any
15:20:17 <dmendiza[m]> #topic Summit Recap
15:20:24 <dmendiza[m]> I unfortunately had to cancel my trip to the Summit
15:26:04 <dmendiza[m]> Anyone make it to Berlin and want to give a quick recap?
15:29:14 <dmendiza[m]> I'll take that as a no
15:29:16 <dmendiza[m]> moving on ...
15:29:31 <dmendiza[m]> #topic OAuth 2.0
15:29:48 <dmendiza[m]> Looks like we still need lots of reviews
15:29:50 <dmendiza[m]> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:30:03 <dmendiza[m]> Also a new spec
15:30:05 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:30:12 <dmendiza[m]> h_asahina: did you want to talk about these
15:30:15 <h_asahina> yes
15:31:03 <h_asahina> I put the brief explanation on agenda 31th May.
15:31:29 <h_asahina> as I wrote there I've submitted the spec and I've changed the contents from BP I submitted before.
15:31:45 <h_asahina> https://blueprints.launchpad.net/keystone/+spec/enhance-oauth2-interoperability
15:32:50 <h_asahina> The reason behind this change is recent update of ETSI NFV SOL013.
15:33:24 <h_asahina> Like I said before, I came from OpenStack Tacker that is aiming at implementing ETSI NFV standard,
15:33:52 <h_asahina> and the latest version of that standard forces NFV components like Tacker to implement mutual TLS
15:34:39 <dmendiza[m]> I haven't had a chance to read the spec, but I think mtls would be a good addition
15:35:02 <h_asahina> that's glad to hear
15:35:41 <h_asahina> So, I proposed mutual TLS in Spec
15:36:53 <h_asahina> but the detailed implementation is not clear in the standard like whether or not we should implement mutual-TLS OAuth2.0 or just mutual-TLS. so, we're confirming it to standarad organization now.
15:37:29 <h_asahina> Therefore, we might omit some work items listed in the spec, but we won't add additional items.
15:38:23 <h_asahina> I wrote a kind of the maximum work items as we can imagne. so please kindly review it and hopefully give us your feedback.
15:40:12 <h_asahina> and I'd like to note that as dmendiza said mutual-TLS will not ruin the security of Keystone.
15:40:53 <dmendiza[m]> thanks h_asahina
15:41:08 <dmendiza[m]> Hopefully we'll get back to reviewathons this week
15:41:12 <dmendiza[m]> and we'll look at the specs
15:41:20 <h_asahina> great. thanks.
15:41:39 <dmendiza[m]> #topic Secure RBAC
15:41:42 <dmendiza[m]> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:47:44 <dmendiza[m]> Ok, took me a second to find the link I needed
15:47:45 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/818603
15:47:49 <dmendiza[m]> looks like the spec is merged
15:48:29 <dmendiza[m]> The review needs some TLC
15:48:30 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:50:14 <dmendiza[m]> We'll try to get to those for reviewathon
15:50:58 <dmendiza[m]> I haven't had a chance to look into what I missed for the Summit with regards to SRBAC
15:51:10 <dmendiza[m]> Hopefully not to much
15:51:13 <dmendiza[m]> *too much
15:51:19 <dmendiza[m]> Moving on ...
15:51:40 <dmendiza[m]> #topic Gate inherited assignments from parent (bbobrov)
15:51:48 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/334364
15:51:57 <dmendiza[m]> We should probably review this at reviewathon also
16:01:49 <dmendiza[m]> Aaand we're out of time.
16:02:07 <dmendiza[m]> See y'all Friday for the reviewathon.
16:02:11 <dmendiza[m]> #endmeeting