[openstack-dev] [infra] [keystone] pysaml2/xmlsec1 dep blocking keystone-to-keystone federation
Sean Dague
sean at dague.net
Tue Aug 26 11:44:50 UTC 2014
On 08/26/2014 05:38 AM, Thierry Carrez wrote:
> Hi keystone/infra,
>
> One key upcoming Juno feature (Keystone to keystone federation) is
> currently blocked on adding pysaml2 to requirements:
>
> https://review.openstack.org/#/c/113294/
>
> It was -1ed by Doug after the discussion at the release meeting last
> week, where the xmlsec1 dependency was raised as a potential infra issue.
>
> There doesn't seem to be so many good alternatives though. Steve
> mentioned saml, but it's a bit alpha, and I have no idea how much work
> would be required to use that instead of pysaml2 at this point.
>
> How blocking is the xmlsec1 dependency from an Infra perspective ? How
> doable would a migration to saml at this point be ? I'm trying to find a
> solution so that we can ship this feature :)
I don't think this has anything to do with Infra. xmlsec1 is included in
Debian / Ubuntu and Fedora.
I think the complaint was about whether this library existed for MacOSX,
which honestly, I *don't* think is a valid argument against adding a
requirement as that's not a target environment for OpenStack.
I'm +2 on this moving forward. I feel that the keystone team answered
the questions needed.
-Sean
--
Sean Dague
http://dague.net
More information about the OpenStack-dev
mailing list