[openstack-dev] [infra] [keystone] pysaml2/xmlsec1 dep blocking keystone-to-keystone federation
Dolph Mathews
dolph.mathews at gmail.com
Tue Aug 26 15:28:08 UTC 2014
On Tue, Aug 26, 2014 at 6:44 AM, Sean Dague <sean at dague.net> wrote:
> On 08/26/2014 05:38 AM, Thierry Carrez wrote:
> > Hi keystone/infra,
> >
> > One key upcoming Juno feature (Keystone to keystone federation) is
> > currently blocked on adding pysaml2 to requirements:
> >
> > https://review.openstack.org/#/c/113294/
> >
> > It was -1ed by Doug after the discussion at the release meeting last
> > week, where the xmlsec1 dependency was raised as a potential infra issue.
> >
> > There doesn't seem to be so many good alternatives though. Steve
> > mentioned saml, but it's a bit alpha, and I have no idea how much work
> > would be required to use that instead of pysaml2 at this point.
> >
> > How blocking is the xmlsec1 dependency from an Infra perspective ? How
> > doable would a migration to saml at this point be ? I'm trying to find a
> > solution so that we can ship this feature :)
>
> I don't think this has anything to do with Infra. xmlsec1 is included in
> Debian / Ubuntu and Fedora.
>
> I think the complaint was about whether this library existed for MacOSX,
> which honestly, I *don't* think is a valid argument against adding a
> requirement as that's not a target environment for OpenStack.
>
FWIW, it's available on OS X via homebrew:
$ brew install libxmlsec1
>
> I'm +2 on this moving forward. I feel that the keystone team answered
> the questions needed.
>
Thanks!
>
> -Sean
>
> --
> Sean Dague
> http://dague.net
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140826/eb0b9165/attachment.html>
More information about the OpenStack-dev
mailing list