<tt><font size=2><br>
> From: Doug Hellmann <doug@doughellmann.com></font></tt>
<br><tt><font size=2>> To: "OpenStack Development Mailing List
(not for usage questions)" <br>
> <openstack-dev@lists.openstack.org>, </font></tt>
<br><tt><font size=2>> Date: 08/26/2014 10:11 AM</font></tt>
<br><tt><font size=2>> Subject: Re: [openstack-dev] [infra] [keystone]
pysaml2/xmlsec1 dep <br>
> blocking keystone-to-keystone federation</font></tt>
<br><tt><font size=2>> <br>
> <br>
> On Aug 26, 2014, at 7:44 AM, Sean Dague <sean@dague.net> wrote:<br>
> <br>
> > On 08/26/2014 05:38 AM, Thierry Carrez wrote:<br>
> >> Hi keystone/infra,<br>
> >> <br>
> >> One key upcoming Juno feature (Keystone to keystone federation)
is<br>
> >> currently blocked on adding pysaml2 to requirements:<br>
> >> <br>
> >> </font></tt><a href=https://review.openstack.org/#/c/113294/><tt><font size=2>https://review.openstack.org/#/c/113294/</font></tt></a><tt><font size=2><br>
> >> <br>
> >> It was -1ed by Doug after the discussion at the release meeting
last<br>
> >> week, where the xmlsec1 dependency was raised as a potential
infra issue.<br>
> >> <br>
> >> There doesn't seem to be so many good alternatives though.
Steve<br>
> >> mentioned saml, but it's a bit alpha, and I have no idea
how much work<br>
> >> would be required to use that instead of pysaml2 at this
point.<br>
> >> <br>
> >> How blocking is the xmlsec1 dependency from an Infra perspective
? How<br>
> >> doable would a migration to saml at this point be ? I'm trying
to find a<br>
> >> solution so that we can ship this feature :)<br>
> > <br>
> > I don't think this has anything to do with Infra. xmlsec1 is
included in<br>
> > Debian / Ubuntu and Fedora.<br>
> > <br>
> > I think the complaint was about whether this library existed
for MacOSX,<br>
> > which honestly, I *don't* think is a valid argument against adding
a<br>
> > requirement as that's not a target environment for OpenStack.<br>
> <br>
> My impression was this library would also be needed for keystone <br>
> client, not just the server or middleware. Did I misunderstand?<br>
> <br>
> Doug<br>
</font></tt>
<br><font size=2 face="sans-serif">Hey Doug,</font>
<br>
<br><font size=2 face="sans-serif">Just talked it over with Marek, we shouldn't
need it for keystoneclient. Just the server side.</font>
<br>
<br><tt><font size=2>> <br>
> > <br>
> > I'm +2 on this moving forward. I feel that the keystone team
answered<br>
> > the questions needed.<br>
> > <br>
> > -Sean<br>
> > <br>
> > -- <br>
> > Sean Dague<br>
> > </font></tt><a href=http://dague.net/><tt><font size=2>http://dague.net</font></tt></a><tt><font size=2><br>
> > <br>
> > _______________________________________________<br>
> > OpenStack-dev mailing list<br>
> > OpenStack-dev@lists.openstack.org<br>
> > </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</font></tt></a><tt><font size=2><br>
> <br>
> <br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> OpenStack-dev@lists.openstack.org<br>
> </font></tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><tt><font size=2>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</font></tt></a><tt><font size=2><br>
> <br>
</font></tt>