[openstack-dev] [Keystone][Oslo] Future of Key Distribution Server, Trusted Messaging

Mark McLoughlin markmc at redhat.com
Fri Nov 22 18:49:09 UTC 2013


On Fri, 2013-11-22 at 11:04 +0100, Thierry Carrez wrote:
> Russell Bryant wrote:
> > [...]
> > I'm not thrilled about the prospect of this going into a new project for
> > multiple reasons.
> > 
> >  - Given the priority and how long this has been dragging out, having to
> > wait for a new project to make its way into OpenStack is not very appealing.
> > 
> >  - A new project needs to be able to stand on its own legs.  It needs to
> > have a reasonably sized development team to make it sustainable.  Is
> > this big enough for that?
> 
> Having it in Barbican (and maybe have Barbican join under the identity
> program) would mitigate the second issue. But the first issue stands,
> and I share your concerns.

Yes, I agree. It's disappointing that this change of plans looks like
its going to push out the ability of an OpenStack deployment to be
secured.

If this becomes a Barbican API, then we might be able to get the code
working quickly ... but it will still be some time before Barbican is an
integrated project, and so securing OpenStack will only be possible if
you use this non-integrated project.

Mark.




More information about the OpenStack-dev mailing list