Open Stack

We're _all_ winners.

On Friday, April 8, 2016, Brad Topol <btopol at us.ibm.com> wrote:

> If Termie comes out of retirement to respond to a thread are there really
> any winners??? :-)
>
> --Brad
>
>
> Brad Topol, Ph.D.
> IBM Distinguished Engineer
> OpenStack
> (919) 543-0646
> Internet: btopol at us.ibm.com
> <javascript:_e(%7B%7D,'cvml','btopol at us.ibm.com');>
> Assistant: Kendra Witherspoon (919) 254-0680
>
> [image: Inactive hide details for Monty Taylor ---04/08/2016 01:10:23
> PM---On 04/08/2016 11:12 AM, Andy Smith wrote: > Aaaaaahahahahhah]Monty
> Taylor ---04/08/2016 01:10:23 PM---On 04/08/2016 11:12 AM, Andy Smith
> wrote: > Aaaaaahahahahhahahahhaahhahahahahahahahahhahhahahahahhah
>
> From: Monty Taylor <mordred at inaugust.com
> <javascript:_e(%7B%7D,'cvml','mordred at inaugust.com');>>
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org
> <javascript:_e(%7B%7D,'cvml','openstack-dev at lists.openstack.org');>>
> Date: 04/08/2016 01:10 PM
> Subject: Re: [openstack-dev] [tc][ptl][keystone] Proposal to split
> authentication part out of Keystone to separated project
> ------------------------------
>
>
>
> On 04/08/2016 11:12 AM, Andy Smith wrote:
> > Aaaaaahahahahhahahahhaahhahahahahahahahahhahhahahahahhahaha
>
> This is the indication that this thread wins.
>
> > On Thu, Apr 7, 2016 at 6:23 AM Lance Bragstad <lbragstad at gmail.com
> <javascript:_e(%7B%7D,'cvml','lbragstad at gmail.com');>
> > <mailto:lbragstad at gmail.com
> <javascript:_e(%7B%7D,'cvml','lbragstad at gmail.com');>>> wrote:
> >
> >     In response to point 2.2, the progress with Fernet in the last year
> >     has exposed performance pain points in keystone. Finding sensible
> >     solutions for those issues is crucial in order for people to adopt
> >     Fernet. In Mitaka we had a lot of discussion that resulted in
> >     landing several performance related patches.
> >
> >     As of today, we're already focusing on scalability, performance, and
> >     simplicity. I'm afraid a project split would only delay the work
> >     we're doing right now.
> >
> >     On Wed, Apr 6, 2016 at 5:34 PM, Morgan Fainberg
> >     <morgan.fainberg at gmail.com
> <javascript:_e(%7B%7D,'cvml','morgan.fainberg at gmail.com');> <
> mailto:morgan.fainberg at gmail.com
> <javascript:_e(%7B%7D,'cvml','morgan.fainberg at gmail.com');>>> wrote:
> >
> >
> >
> >         On Wed, Apr 6, 2016 at 6:29 PM, David Stanek
> >         <dstanek at dstanek.com
> <javascript:_e(%7B%7D,'cvml','dstanek at dstanek.com');> <
> mailto:dstanek at dstanek.com
> <javascript:_e(%7B%7D,'cvml','dstanek at dstanek.com');>>> wrote:
> >
> >
> >             On Wed, Apr 6, 2016 at 3:26 PM Boris Pavlovic
> >             <bpavlovic at mirantis.com
> <javascript:_e(%7B%7D,'cvml','bpavlovic at mirantis.com');> <
> mailto:bpavlovic at mirantis.com
> <javascript:_e(%7B%7D,'cvml','bpavlovic at mirantis.com');>>> wrote:
> >
> >
> >                 2) This will reduce scope of Keystone, which means 2
> things
> >                 2.1) Smaller code base that has less issues and is
> >                 simpler for testing
> >                 2.2) Keystone team would be able to concentrate more on
> >                 fixing perf/scalability issues of authorization, which
> >                 is crucial at the moment for large clouds.
> >
> >
> >             I'm not sure that this is entirely true. If we truly just
> >             split up the project, meaning we don't remove functionality,
> >             then we'd have the same number of bugs and work. It would
> >             just be split across two projects.
> >
> >             I think the current momentum to get out of the authn
> >             business is still our best bet. As Steve mentioned this is
> >             ongoing work.
> >
> >             -- David
> >
> >
> >         What everyone else said... but add in the need then to either
> >         pass the AuthN over to the Assignment/AuthZ api or bake it in
> >         (via apache module?) and we are basically where we are now.
> >
> >         Steve alluded to splitting out the authentication bit (but not
> >         to a new service), the idea there is to make it so AuthN is not
> >         part of the CRUD interface of the server. All being said, AuthN
> >         and AuthZ are going to be hard to split into two separate
> >         services and with exception of the unfounded "scope" benefit, we
> >         already can handle most of what you've proposed with zero
> >         changes to Keystone.
> >
> >         Cheers,
> >         --Morgan
> >
> >
> >
> __________________________________________________________________________
> >         OpenStack Development Mailing List (not for usage questions)
> >         Unsubscribe:
> >         OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> >         <
> http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> __________________________________________________________________________
> >     OpenStack Development Mailing List (not for usage questions)
> >     Unsubscribe:
> >     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> >     <
> http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> >     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160408/96e8c135/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160408/96e8c135/attachment-0001.gif>