On 12/13/13, 7:56 AM, "Russell Bryant" <rbry...@redhat.com> wrote:
>1) Are each of the items you mention big enough to have a sustainable
>team that can exist as its own program?

The answer here for Barbican and Keystone is yes.

>2) Would there be a benefit of *changing* the scope and mission of the
>Identity program to accommodate a larger problem space? "Security"
>sounds too broad ... but I'm sure you see what I'm getting at.

Dolph and I have talked about this a bit. Right now, if we combined them, it feels like we would have meetings where the first half would be about Keystone and the second about Barbican. Same for design sessions. The systems and the concerns they address are entirely separate. Currently the teams are also entirely separate.

While I think we can encourage both teams to have a close relationship (Adam Young and I had a conversation about that recently), there is no benefit to combining the teams now other than to reduce the number of programs. As the combination doesn't help either project, it seems like Barbican having its own program is the best option.

>When we're talking about authentication, authorization, identity
>management, key management, key distribution ... these things really
>*do* seem related enough that it would be *really* nice if a group was
>looking at all of them and how they fit into the bigger OpenStack
>picture. I really don't want to see silos for each of these things.

I don't agree here. Key management and distribution can be used to solve problems in the identity space. They can also be used to solve problems in other spaces in OpenStack. Barbican uses keystone to provide auth / auth to keys, much like Nova uses keystone to provide auth / auth to servers. Additionally, Barbican will deal with other parts of the encryption space (e.g. SSL) that have very little to do with identity.

>So, would OpenStack benefit from a tighter relationship between these
>projects? I think this may be the case, personally.

I think there would be benefit to individuals working together from the two projects where it makes sense - especially where we have knowledge overlaps. I don't agree that including Barbican in the Identity program is the right way to do that.

>Could this tighter relationship happen between separate programs? It
>could, but I think a single program better expresses the intent if
>that's really what is best.

Barbican's intent is to simplify key management to enable consuming systems and users to offer or use encryption in their services. This is a fundamentally different mission than Keystone has.

Jarret
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev