[openstack-dev] [infra] [keystone] pysaml2/xmlsec1 dep blocking keystone-to-keystone federation
Doug Hellmann
doug at doughellmann.com
Tue Aug 26 14:06:01 UTC 2014
On Aug 26, 2014, at 7:44 AM, Sean Dague <sean at dague.net> wrote:
> On 08/26/2014 05:38 AM, Thierry Carrez wrote:
>> Hi keystone/infra,
>>
>> One key upcoming Juno feature (Keystone to keystone federation) is
>> currently blocked on adding pysaml2 to requirements:
>>
>> https://review.openstack.org/#/c/113294/
>>
>> It was -1ed by Doug after the discussion at the release meeting last
>> week, where the xmlsec1 dependency was raised as a potential infra issue.
>>
>> There doesn't seem to be so many good alternatives though. Steve
>> mentioned saml, but it's a bit alpha, and I have no idea how much work
>> would be required to use that instead of pysaml2 at this point.
>>
>> How blocking is the xmlsec1 dependency from an Infra perspective ? How
>> doable would a migration to saml at this point be ? I'm trying to find a
>> solution so that we can ship this feature :)
>
> I don't think this has anything to do with Infra. xmlsec1 is included in
> Debian / Ubuntu and Fedora.
>
> I think the complaint was about whether this library existed for MacOSX,
> which honestly, I *don't* think is a valid argument against adding a
> requirement as that's not a target environment for OpenStack.
My impression was this library would also be needed for keystone client, not just the server or middleware. Did I misunderstand?
Doug
>
> I'm +2 on this moving forward. I feel that the keystone team answered
> the questions needed.
>
> -Sean
>
> --
> Sean Dague
> http://dague.net
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list