[openstack-dev] Keystone PTL candidacy

Henry Nash henryn at linux.vnet.ibm.com
Tue Mar 5 15:14:37 UTC 2013


I'd like to put my name forward as a candidate for Keystone PTL.

As a core contributor for Keystone during the Grizzly cycle, I have worked on a number of new capabilities such as domains, domain scoping and name-spaces to help enhance how OpenStack can be used in the enterprise.  As part of that, I have witnessed the great progress the Keystone team has made overall in this, as well previous, cycles - my hat's off to them.

However, I believe our challenges are only just beginning.  The security of cloud systems is probably the most frequently articulated barrier to adoption of cloud (including an IaaS like OpenStack).  While keystone is only a piece of that security puzzle, it's a very important one.  We want OpenStack to be the platform of choice for larger and larger enterprises (either hosting their own clouds, or being hosted on public clouds) - for that to be true, we need to ensure our evolution of Keystone includes:

- Increased ability for integration into the established methods of authentication & authorization of an enterprise, as well corporate directories and areas like auditing and governance.
- Starts to add support for more advanced access control models (e.g. Attribute Based Access Control, ABAC)
- Increases support for easy movement of users & enterprises between clouds, including federation
- Enhancing what is provided to support existing and new services (either static or dynamic)
- Never forgetting the basics - resiliency & performance - as the clouds scale up, these will become more and more important and we need them stapled to our foreheads
- Continued support for the ability to stand up simple clouds for trials and experimentation, to ensure we don't lose site of the fact that we all had to start somewhere - and maintaining a vibrant community is the way to make sure OpenStack will always be greater than the sum of its parts.

We won't do the above, as well as the other advances that we want to make, in one release cycle, but we need to incrementally work towards all this.  We'll achieve that by having a shared vision combined with ensuring we support those that contribute in a way that makes them keep coming back for more.  If elected as PTL, I'll help make sure that's true.

I have spent my 30+ year career in the s/w industry (through 5 startups as well as at established companies like IBM) leading the engineering for many enterprise s/w products/platforms - and typically playing the role of ensuring that the technical evolution of our products balances the needs of new customers/markets, while not breaking existing customers and always maintaining purity of the architecture so that you don't sell off your future.  Whoever is elected PTL also needs to put this front and center.  I, for one, am eager to begin.



More information about the OpenStack-dev mailing list