Given the issues we continue to face with achieving stable APIs, I hope there will be some form of formal API review before we approve any new OpenStack APIs. When we release an API, it should mean that we're committing to support that API _forever_.
Glancing at the specification, I noticed some API issues that will be hard to fix: * the API for asymmetric keys (i.e. keys with a public and private part) has not yet been fleshed out * there does not appear to be support for key rotation * I don't see metadata or tags or some other way for API consumers to attach extra information they might need * "cypher_type" is spelled in the less common way The first two are deal-breakers IMHO for a 1.0. #3 is a straight extension, so could be added later, but I think it an important safety valve in case anything else got missed. #4 will probably cause the most argument :-) Everyone is looking forward to the better security that Barbican will bring, so I think it all the more important that we avoid a rapid v2.0 and the pain that brings to everyone. I would hope that the PTLs of all projects that are going to offer encryption review the proposed API to make sure that it meets their project's future requirements. I'm presuming that this is our last opportunity for API review - if this isn't the right occasion to bring this up, ignore me! Justin _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
