[openstack-dev] Incubation Request for Barbican

Russell Bryant rbryant at redhat.com
Fri Dec 13 13:56:24 UTC 2013

On 12/12/2013 05:26 PM, Dolph Mathews wrote:
>     My reason for keeping them separate is more practical:  the Keystone
>     team is already somewhat overloaded.  I know that a couple of us
>     have interest in contributing to Barbican, the question is time and
>     prioritization. 

I don't think that's a very good reason.  Barbican has a team already.
It's not a whole new project being completely placed on an existing team.

Closer collaboration could result in getting *more* help with Keystone.

>     Unless there is some benefit to having both projects in the same
>     program with essentially different teams, I think Barbican should
>     proceed as is.  I personally plan on contributing to Barbican.

There may be...

> /me puts PTL hat on
> ++ I don't want Russel's job.

Harsh!  ;-)

> Keystone has a fairly narrow mission statement in my mind (come to think
> of it, I need to propose it to governance..), and that's basically to
> abstract away the problem of authenticating and authorizing the API
> users of other openstack services. Everything else, including identity
> management, key management, key distribution, quotas, etc, is just
> secondary fodder that we tend to help with along the way... but they
> should be first class problems in someone else's mind.
> If we rolled everything together that kind of looks related to keystone
> under a big keystone program for the sake of organizational tidiness, I
> know I would be less effective as a "PTL" and that's a bit
> disheartening. That said, I'm always happy to help where I can.

I get the arguments that there is not overlap right now, necessarily.  I
do worry a bit about silos where they shouldn't exist, though.  I think
some things to consider are:

1) Are each of the items you mention big enough to have a sustainable
team that can exist as its own program?

2) Would there be a benefit of *changing* the scope and mission of the
Identity program to accomodate a larger problem space?  "Security"
sounds too broad ... but I'm sure you see what I'm getting at.

When we're talking about authentication, authorization, identity
management, key management, key distribution ... these things really
*do* seem related enough that it would be *really* nice if a group was
looking at all of them and how they fit into the bigger OpenStack
picture.  I really don't want to see silos for each of these things.

So, would OpenStack benefit from a tighter relationship between these
projects?  I think this may be the case, personally.

Could this tighter relationship happen between separate programs?  It
could, but I think a single program better expresses the intent if
that's really what is best.

Russell Bryant

More information about the OpenStack-dev mailing list