We're _all_ winners.<br><br>On Friday, April 8, 2016, Brad Topol <<a href="mailto:btopol@us.ibm.com">btopol@us.ibm.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><p>If Termie comes out of retirement to respond to a thread are there really any winners??? :-)<br><br>--Brad<br><br><br>Brad Topol, Ph.D.<br>IBM Distinguished Engineer<br>OpenStack<br>(919) 543-0646<br>Internet: <a href="javascript:_e(%7B%7D,'cvml','btopol@us.ibm.com');" target="_blank">btopol@us.ibm.com</a><br>Assistant: Kendra Witherspoon (919) 254-0680<br><br><img width="16" height="16" src="cid:1__=0ABBF51CDFCD29398f9e8a93df938690918c0AB@" border="0" alt="Inactive hide details for Monty Taylor ---04/08/2016 01:10:23 PM---On 04/08/2016 11:12 AM, Andy Smith wrote: > Aaaaaahahahahhah"><font color="#424282">Monty Taylor ---04/08/2016 01:10:23 PM---On 04/08/2016 11:12 AM, Andy Smith wrote: > Aaaaaahahahahhahahahhaahhahahahahahahahahhahhahahahahhah</font><br><br><font size="2" color="#5F5F5F">From: </font><font size="2">Monty Taylor <<a href="javascript:_e(%7B%7D,'cvml','mordred@inaugust.com');" target="_blank">mordred@inaugust.com</a>></font><br><font size="2" color="#5F5F5F">To: </font><font size="2">"OpenStack Development Mailing List (not for usage questions)" <<a href="javascript:_e(%7B%7D,'cvml','openstack-dev@lists.openstack.org');" target="_blank">openstack-dev@lists.openstack.org</a>></font><br><font size="2" color="#5F5F5F">Date: </font><font size="2">04/08/2016 01:10 PM</font><br><font size="2" color="#5F5F5F">Subject: </font><font size="2">Re: [openstack-dev] [tc][ptl][keystone] Proposal to split authentication part out of Keystone to separated project</font><br></p><hr width="100%" size="2" align="left" noshade style="color:#8091a5"><br><br><br><tt>On 04/08/2016 11:12 AM, Andy Smith wrote:<br>> Aaaaaahahahahhahahahhaahhahahahahahahahahhahhahahahahhahaha<br><br>This is the indication that this thread wins.<br><br>> On Thu, Apr 7, 2016 at 6:23 AM Lance Bragstad <<a href="javascript:_e(%7B%7D,'cvml','lbragstad@gmail.com');" target="_blank">lbragstad@gmail.com</a><br>> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','lbragstad@gmail.com');" target="_blank">mailto:lbragstad@gmail.com</a></tt><tt>>> wrote:<br>><br>> In response to point 2.2, the progress with Fernet in the last year<br>> has exposed performance pain points in keystone. Finding sensible<br>> solutions for those issues is crucial in order for people to adopt<br>> Fernet. In Mitaka we had a lot of discussion that resulted in<br>> landing several performance related patches.<br>><br>> As of today, we're already focusing on scalability, performance, and<br>> simplicity. I'm afraid a project split would only delay the work<br>> we're doing right now.<br>><br>> On Wed, Apr 6, 2016 at 5:34 PM, Morgan Fainberg<br>> <<a href="javascript:_e(%7B%7D,'cvml','morgan.fainberg@gmail.com');" target="_blank">morgan.fainberg@gmail.com</a> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','morgan.fainberg@gmail.com');" target="_blank">mailto:morgan.fainberg@gmail.com</a></tt><tt>>> wrote:<br>><br>><br>><br>> On Wed, Apr 6, 2016 at 6:29 PM, David Stanek<br>> <<a href="javascript:_e(%7B%7D,'cvml','dstanek@dstanek.com');" target="_blank">dstanek@dstanek.com</a> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','dstanek@dstanek.com');" target="_blank">mailto:dstanek@dstanek.com</a></tt><tt>>> wrote:<br>><br>><br>> On Wed, Apr 6, 2016 at 3:26 PM Boris Pavlovic<br>> <<a href="javascript:_e(%7B%7D,'cvml','bpavlovic@mirantis.com');" target="_blank">bpavlovic@mirantis.com</a> <</tt><tt><a href="javascript:_e(%7B%7D,'cvml','bpavlovic@mirantis.com');" target="_blank">mailto:bpavlovic@mirantis.com</a></tt><tt>>> wrote:<br>><br>><br>> 2) This will reduce scope of Keystone, which means 2 things<br>> 2.1) Smaller code base that has less issues and is<br>> simpler for testing<br>> 2.2) Keystone team would be able to concentrate more on<br>> fixing perf/scalability issues of authorization, which<br>> is crucial at the moment for large clouds.<br>><br>><br>> I'm not sure that this is entirely true. If we truly just<br>> split up the project, meaning we don't remove functionality,<br>> then we'd have the same number of bugs and work. It would<br>> just be split across two projects.<br>><br>> I think the current momentum to get out of the authn<br>> business is still our best bet. As Steve mentioned this is<br>> ongoing work.<br>><br>> -- David<br>><br>><br>> What everyone else said... but add in the need then to either<br>> pass the AuthN over to the Assignment/AuthZ api or bake it in<br>> (via apache module?) and we are basically where we are now.<br>><br>> Steve alluded to splitting out the authentication bit (but not<br>> to a new service), the idea there is to make it so AuthN is not<br>> part of the CRUD interface of the server. All being said, AuthN<br>> and AuthZ are going to be hard to split into two separate<br>> services and with exception of the unfounded "scope" benefit, we<br>> already can handle most of what you've proposed with zero<br>> changes to Keystone.<br>><br>> Cheers,<br>> --Morgan<br>><br>><br>> __________________________________________________________________________<br>> OpenStack Development Mailing List (not for usage questions)<br>> Unsubscribe:<br>> <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>> <</tt><tt><a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></tt><tt>><br>> </tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br>><br>><br>> __________________________________________________________________________<br>> OpenStack Development Mailing List (not for usage questions)<br>> Unsubscribe:<br>> <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>> <</tt><tt><a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a></tt><tt>><br>> </tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br>><br>><br>><br>> __________________________________________________________________________<br>> OpenStack Development Mailing List (not for usage questions)<br>> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>> </tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br>><br><br><br>__________________________________________________________________________<br>OpenStack Development Mailing List (not for usage questions)<br>Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br></tt><tt><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></tt><tt><br><br></tt><br><br><br>
<p></p></div>
</blockquote>