[openstack-dev] Incubation Request for Barbican

Jarret Raim jarret.raim at RACKSPACE.COM
Tue Dec 10 14:02:04 UTC 2013

> I'd like to look at keeping things simple when they can be simple. I
>need to understand why there¹s
> already a key distribution service under keystone?

I¹ve said before that I think the KDS more properly belongs in Barbican
rather than Keystone. There is a thread on this list detailing other
people¹s thoughts on the issue. I think the issue boiled down to two main
concerns. First, some are concerned / resistant about having to install
another service. Second, Barbican is going through our incubation process
right now. Some felt that they didn¹t wan to wait and that Keystone was
the shorter path.

> There could be two ways of looking at this - is Identity changing their
>scope? Or is an incubating
> project trying to take work away from an existing program? Not sure. I
>mostly just want to know who is
> best served by a new code base getting incubated under our defined

Dolph can better answer the question about scope, but I think the KDS
going into Keystone is a matter of expediency rather than best fit.  As
I¹ve mentioned before, Keystone will use Barbican to satisfy some of their
requirements, but key management is a fundamentally separate process from
identity management.

> I agree that Barbican solves different problems than identity, and we
>need to figure out the motivations
> for the seeming pressing need to differentiate from
>keystone-the-project. There's autonomy, gathering
> your own team, and probably other reasons. Can you expand on your need
>for pursuing this incubation route?

I sent out a mail to this list of the types of things that Barbican will
tackle that have nothing to do with identity. These processes are
fundamentally different than those in Keystone and the Keystone
functionality is completely separate from anything that Barbican will do.

There have been several folks asking this questions and I¹m honestly
confused where the desire to push the two projects together is coming
from. Can someone be more specific about why they think these two projects
overlap? Is it solely because they both have to do with security? Or is
there something else?

> I do realize we are clarifying our incubation route, so partially we
>need to explore the "incubation under an existing²
> possibility and pros and cons. I'm doing something unofficial with the
>training group, for example. There are certainly
> pros and cons there. But I don't want to muddy the waters with that
>discussion, I want to hear from Barbican about your
> explorations of collaborating with Keystone and your motivations for
>wanting a separate application.

This certainly sounds like a good idea, but I don¹t think it applies to
the Barbican / Keystone projects.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5611 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131210/1927d505/attachment.bin>

More information about the OpenStack-dev mailing list