Greetings, Barbican team!
As you may be aware, I've been working with other folks in the community
on documenting a vision for OpenStack clouds (formerly known as the
'Technical Vision') - essentially to interpret the mission statement in
long-form, in a way that we can use to actually help guide decisions.
You can read the latest draft here: https://review.openstack.org/592205
We're trying to get feedback from as many people as possible - in many
ways the value is in the process of coming together to figure out what
we're trying to achieve as a community with OpenStack and how we can
work together to build it. The document is there to help us remember
what we decided so we don't have to do it all again over and over.
The vision is structured with two sections that apply broadly to every
project in OpenStack - describing the principles that we believe are
essential to every cloud, and the ones that make OpenStack different
from some other clouds. The third section is a list of design goals that
we want OpenStack as a whole to be able to meet - ideally each project
would be contributing toward one or more of these design goals.
Barbican provides an abstraction over HSMs and software equivalents
(like Vault), so the immediate design goal that it meets is the
'Hardware Virtualisation' one. However, the most interesting part of the
document for the Barbican team is probably the section on cross-project
dependencies. In discussions at the PTG, the TC concluded that we
shouldn't force projects to adopt hard dependencies on other services
(like Barbican), but recommend that they do so when there is a benefit
to the user. The challenge here I think is that not duplicating
security-sensitive code such as secret storage is well known to be
something that is both of great benefit to the user and highly tempting
to take a shortcut on. Your feedback on whether we have got the right
balance is important.
If you would like me or another TC member to join one of your team IRC
meetings to discuss further what the vision means for your team, please
reply to this thread to set it up. You are also welcome to bring up any
questions in the TC IRC channel, #openstack-tc - there's more of us
around during Office Hours
(https://governance.openstack.org/tc/#office-hours), but you can talk to
us at any time.
Feedback can also happen either in this thread or on the review
If the team is generally happy with the vision as it is and doesn't have
any specific feedback, that's cool but I'd like to request that at least
the PTL leave a vote on the review. It's important to know whether we
are actually developing a consensus in the community or just talking to
OpenStack Development Mailing List (not for usage questions)