> From: Doug Hellmann <d...@doughellmann.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev@lists.openstack.org>,
> Date: 08/26/2014 10:11 AM
> Subject: Re: [openstack-dev] [infra] [keystone] pysaml2/xmlsec1 dep
> blocking keystone-to-keystone federation
>
>
> On Aug 26, 2014, at 7:44 AM, Sean Dague <s...@dague.net> wrote:
>
> > On 08/26/2014 05:38 AM, Thierry Carrez wrote:
> >> Hi keystone/infra,
> >>
> >> One key upcoming Juno feature (Keystone to keystone federation) is
> >> currently blocked on adding pysaml2 to requirements:
> >>
> >> https://review.openstack.org/#/c/113294/
> >>
> >> It was -1ed by Doug after the discussion at the release meeting last
> >> week, where the xmlsec1 dependency was raised as a potential infra issue.
> >>
> >> There doesn't seem to be so many good alternatives though. Steve
> >> mentioned saml, but it's a bit alpha, and I have no idea how much work
> >> would be required to use that instead of pysaml2 at this point.
> >>
> >> How blocking is the xmlsec1 dependency from an Infra perspective ? How
> >> doable would a migration to saml at this point be ? I'm trying to find a
> >> solution so that we can ship this feature :)
> >
> > I don't think this has anything to do with Infra. xmlsec1 is included in
> > Debian / Ubuntu and Fedora.
> >
> > I think the complaint was about whether this library existed for MacOSX,
> > which honestly, I *don't* think is a valid argument against adding a
> > requirement as that's not a target environment for OpenStack.
>
> My impression was this library would also be needed for keystone
> client, not just the server or middleware. Did I misunderstand?
>
> Doug
Hey Doug,
Just talked it over with Marek, we shouldn't need it for keystoneclient. Just the server side.
>
> >
> > I'm +2 on this moving forward. I feel that the keystone team answered
> > the questions needed.
> >
> > -Sean
> >
> > --
> > Sean Dague
> > http://dague.net
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev@lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
