We're _all_ winners.<br><br>On Friday, April 8, 2016, Brad Topol <<a href="mailto:btopol@us.ibm.com">btopol@us.ibm.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><p>If Termie comes out of retirement to respond to a thread are there really any winners??? :-)<br><br>--Brad<br><br><br>Brad Topol, Ph.D.<br>IBM Distinguished Engineer<br>OpenStack<br>(919) 543-0646<br>Internet:  <a href="javascript:_e(%7B%7D,'cvml','btopol@us.ibm.com');" target="_blank">btopol@us.ibm.com</a><br>Assistant: Kendra Witherspoon (919) 254-0680<br><br><img width="16" height="16" src="cid:1__=0ABBF51CDFCD29398f9e8a93df938690918c0AB@" border="0" alt="Inactive hide details for Monty Taylor ---04/08/2016 01:10:23 PM---On 04/08/2016 11:12 AM, Andy Smith wrote: > Aaaaaahahahahhah"><font color="#424282">Monty Taylor ---04/08/2016 01:10:23 PM---On 04/08/2016 11:12 AM, Andy Smith wrote: > Aaaaaahahahahhahahahhaahhahahahahahahahahhahhahahahahhah</font><br><br><font size="2" color="#5F5F5F">From:        </font><font size="2">Monty Taylor <<a href="javascript:_e(%7B%7D,'cvml','mordred@inaugust.com');" target="_blank">mordred@inaugust.com</a>></font><br><font size="2" color="#5F5F5F">To:        </font><font size="2">"OpenStack Development Mailing List (not for usage questions)" <<a href="javascript:_e(%7B%7D,'cvml','openstack-dev@lists.openstack.org');" target="_blank">openstack-dev@lists.openstack.org</a>></font><br><font size="2" color="#5F5F5F">Date:        </font><font size="2">04/08/2016 01:10 PM</font><br><font size="2" color="#5F5F5F">Subject:        </font><font size="2">Re: [openstack-dev] [tc][ptl][keystone] Proposal to split authentication part out of Keystone to separated project</font><br></p><hr width="100%" size="2" align="left" noshade style="color:#8091a5"><br><br><br><tt>On 04/08/2016 11:12 AM, Andy Smith wrote:<br>> Aaaaaahahahahhahahahhaahhahahahahahahahahhahhahahahahhahaha<br><br>This is the indication that this thread wins.<br><br>> On Thu, Apr 7, 2016 at 6:23 AM Lance Bragstad <<a href="javascript:_e(%7B%7D,'cvml','lbragstad@gmail.com');" target="_blank">lbragstad@gmail.com</a><br>> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','lbragstad@gmail.com');" target="_blank">mailto:lbragstad@gmail.com</a></tt><tt>>> wrote:<br>><br>>     In response to point 2.2, the progress with Fernet in the last year<br>>     has exposed performance pain points in keystone. Finding sensible<br>>     solutions for those issues is crucial in order for people to adopt<br>>     Fernet. In Mitaka we had a lot of discussion that resulted in<br>>     landing several performance related patches.<br>><br>>     As of today, we're already focusing on scalability, performance, and<br>>     simplicity. I'm afraid a project split would only delay the work<br>>     we're doing right now.<br>><br>>     On Wed, Apr 6, 2016 at 5:34 PM, Morgan Fainberg<br>>     <<a href="javascript:_e(%7B%7D,'cvml','morgan.fainberg@gmail.com');" target="_blank">morgan.fainberg@gmail.com</a> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','morgan.fainberg@gmail.com');" target="_blank">mailto:morgan.fainberg@gmail.com</a></tt><tt>>> wrote:<br>><br>><br>><br>>         On Wed, Apr 6, 2016 at 6:29 PM, David Stanek<br>>         <<a href="javascript:_e(%7B%7D,'cvml','dstanek@dstanek.com');" target="_blank">dstanek@dstanek.com</a> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','dstanek@dstanek.com');" target="_blank">mailto:dstanek@dstanek.com</a></tt><tt>>> wrote:<br>><br>><br>>             On Wed, Apr 6, 2016 at 3:26 PM Boris Pavlovic<br>>             <<a href="javascript:_e(%7B%7D,'cvml','bpavlovic@mirantis.com');" target="_blank">bpavlovic@mirantis.com</a> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','bpavlovic@mirantis.com');" target="_blank">mailto:bpavlovic@mirantis.com</a></tt><tt>>> wrote:<br>><br>><br>>                 2) This will reduce scope of Keystone, which means 2 things<br>>                 2.1) Smaller code base that has less issues and is<br>>                 simpler for testing<br>>                 2.2) Keystone team would be able to concentrate more on<br>>                 fixing perf/scalability issues of authorization, which<br>>                 is crucial at the moment for large clouds.<br>><br>><br>>             I'm not sure that this is entirely true. If we truly just<br>>             split up the project, meaning we don't remove functionality,<br>>             then we'd have the same number of bugs and work. It would<br>>             just be split across two projects.<br>><br>>             I think the current momentum to get out of the authn<br>>             business is still our best bet. As Steve mentioned this is<br>>             ongoing work.<br>><br>>             -- David<br>><br>><br>>         What everyone else said... but add in the need then to either<br>>         pass the AuthN over to the Assignment/AuthZ api or bake it in<br>>         (via apache module?) and we are basically where we are now.<br>><br>>         Steve alluded to splitting out the authentication bit (but not<br>>         to a new service), the idea there is to make it so AuthN is not<br>>         part of the CRUD interface of the server. All being said, AuthN<br>>         and AuthZ are going to be hard to split into two separate<br>>         services and with exception of the unfounded "scope" benefit, we<br>>         already can handle most of what you've proposed with zero<br>>         changes to Keystone.<br>><br>>         Cheers,<br>>         --Morgan<br>><br>><br>>         __________________________________________________________________________<br>>         OpenStack Development Mailing List (not for usage questions)<br>>         Unsubscribe:<br>>         <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>>         <</tt><tt><a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></tt><tt>><br>>         </tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br>><br>><br>>     __________________________________________________________________________<br>>     OpenStack Development Mailing List (not for usage questions)<br>>     Unsubscribe:<br>>     <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>>     <</tt><tt><a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></tt><tt>><br>>     </tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br>><br>><br>><br>> __________________________________________________________________________<br>> OpenStack Development Mailing List (not for usage questions)<br>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>> </tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br>><br><br><br>__________________________________________________________________________<br>OpenStack Development Mailing List (not for usage questions)<br>Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br></tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br><br></tt><br><br><br>
<p></p></div>
</blockquote>