
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 09/06/2015 03:31 PM, Duncan Thomas

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAOyZ2aEKoAb9m=qz69u93G9cbkS6toybz7gdv9JR97jv9RVMgA@mail.gmail.com"

      type="cite">

      <p dir="ltr"><br>

        On 5 Sep 2015 05:47, "Adam Young" <<a moz-do-not-send="true"

          href="mailto:ayoung@redhat.com">ayoung@redhat.com</a>>

        wrote:</p>

      <p dir="ltr">> Then let my Hijack:<br>

        ><br>

        > Policy is still broken.  We need the pieces of Dynamic

        policy.<br>

        ><br>

        > I am going to call for a cross project policy discussion

        for the upcoming summit.  Please, please, please all the

        projects attend. The operators have made it clear they need

        better policy support.<br>

      </p>

      <p dir="ltr">Can you give us a heads up on the perceived

        shortcomings, please, together with an overview of any proposed

        changes? Turning up to a session to hear, unprepared, something

        that can be introduced in advance over email so that people can

        ruminate on the details and be better prepared to discuss them

        is probably more productive than expecting tired, jet-lagged

        people to think on their feet.</p>

      <p dir="ltr">In general, I think the practice of introducing new

        things at design summits, rather than letting people prepare, is

        slowing us down as a community.<br>

      </p>

    </blockquote>

    <br>

    I've been harping o0n this for a while, both at summits and before.<br>

    <br>

    It starts with:<br>

    <br>

    <a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/keystone/+bug/968696">https://bugs.launchpad.net/keystone/+bug/968696</a><br>

    <br>

    We can't fix that until we have an approach that lets us unstick the

    situations where we need a global admin.<br>

    <br>

    This was the start of it:<br>

    <a class="moz-txt-link-freetext" href="https://adam.younglogic.com/2014/11/dynamic-policy-in-keystone/">https://adam.younglogic.com/2014/11/dynamic-policy-in-keystone/</a><br>

    <br>

    Submitted this overview spec (which was termed not implementable

    because it was an overview)<br>

    <br>

    <a class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/147651/">https://review.openstack.org/#/c/147651/</a><br>

    <br>

    <br>

    <br>

    and a bunch of supporting specs:<br>

    <br>

<a class="moz-txt-link-freetext" href="https://review.openstack.org/#/q/status:open+project:openstack/keystone-specs+branch:master+topic:dynamic-policy,n,z">https://review.openstack.org/#/q/status:open+project:openstack/keystone-specs+branch:master+topic:dynamic-policy,n,z</a><br>

    <br>

    We've m,ade very little progress on this since this point 6 months

    ago.<br>

    <br>

    Had a cross project policy discussion in Vancouver.  It was almost

    all Keystone folks, with a very few people from other projects.<br>

    <br>

    <br>

    <br>

    <blockquote

cite="mid:CAOyZ2aEKoAb9m=qz69u93G9cbkS6toybz7gdv9JR97jv9RVMgA@mail.gmail.com"

      type="cite">

      <p dir="ltr">

      </p>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">__________________________________________________________________________

OpenStack Development Mailing List (not for usage questions)

Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>

<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>