[openstack-dev] [keystone] [oslo] postpone key distribution bp until icehouse?

Simo Sorce simo at redhat.com
Wed Aug 14 18:21:24 UTC 2013

On Wed, 2013-08-14 at 12:41 -0300, Thierry Carrez wrote:
> Dolph Mathews wrote:
> > With regard
> > to: https://blueprints.launchpad.net/keystone/+spec/key-distribution-server
> > [...]
> Dolph: you don't mention Barbican at all, does that mean that the issue
> is settled and the KDS should live in keystone ?
> A side-benefit of landing early in Icehouse rather than late in Havana,
> IMHO, was that we could put everyone in the same room (and around the
> same beers) and get a single path forward.
> I'm a bit worried (that's with my release management hat on) that if
> everyone discovers that Barbican is the way to go for key distribution
> at the Hong-Kong summit, we would now have to deprecate the in-Keystone
> KDS over several releases just because it landed a few weeks too early.
> That said I haven't followed closely the latest discussions on this, so
> maybe this is not as much duplication of effort as I think ?

For the Nth time KDS and Barbican do not do the same job, no more than
Keystone auth paths and barbican do the same job. All three use crypto
and 'keys' ... in completely different ways.


Simo Sorce * Red Hat, Inc * New York

More information about the OpenStack-dev mailing list