-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 No conflicts with your cross-project session as far as I can tell.
In a nutshell BYOK-Push is a model where the customer retains full control of their cryptographic keys. The customer is expected to provide the necessary keys each and every time a request is made that requires some cryptographic operation. Amazon S3's SSE-C encryption [1] would be a good example of this model. In a BYOK-Pull model, the customer would grant access to their cloud provider for some key management system inside their private infrastructure. For example this model could be used in a hybrid cloud where the customer has an on-premise barbican that can provide keys on-demand to the public cloud provider. +1 to not spending a lot of time talking about a model that no one is interested in implementing. My impression at the last joint Barbican/OSSP mid-cycle was that most people were interested in the push model. [1] http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCusto merKeys.html On 4/22/16 4:03 PM, Fox, Kevin M wrote: > Can you please give a little more detail on what its about? > > Does this have any overlap with the instance user session: > https://www.openstack.org/summit/austin-2016/summit-schedule/events/94 85 > > Thanks, Kevin > > ---------------------------------------------------------------------- - -- > > *From:* Rob C [[email protected]] > *Sent:* Friday, April 22, 2016 1:44 PM *To:* OpenStack Development > Mailing List (not for usage questions) *Subject:* Re: > [openstack-dev] [Security][Barbican][all] Bring your own key > fishbowl sessions > > So that's one vote for option A and one vote for another vote :) > > On 22 Apr 2016 4:25 p.m., "Nathan Reller" > <[email protected] <mailto:[email protected]>> > wrote: > >> Thoughts? > > Is anyone interested in the pull model or actually implementing it? > I say if the answer to that is no then only discuss the push > model. > > Note that I am having a talk on BYOK on Tuesday at 11:15. My talk > will go over provider key management, the push model, and the pull > model. There are some aspects of design in it that will likely > interest people. You might want to take the poll after session > because I'm not sure how many people know what the differences > are. > > -Nate > > ______________________________________________________________________ ____ > > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe > <http://[email protected]?subject:unsubscribe> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > ______________________________________________________________________ ____ > > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXGpu3AAoJEB7Z2EQgmLX7eaAQAKArxp+Pw6jl+4Xz5t9zrOZb ENSOq049jOrymUolD/VyiicT2llG08LxHlLjfnVthJ7j5+unB6XQLRKLIDAGUCrM IyTw9SRSjElvQVN6mct/NnePlhipjWf6inqCxpRKE0Bbv2jgOHiYOqZ04yQAxZ/1 aWevqSc2piJhlZmOjTlYbls0O0oTPGw0zkyS0Damja5OIiu45niSQvrnwlbfVTJg R9ORk0FSNrpvgOBIAFCqLYXhmvrhHkV0+M6aQ4NHy9m05ywe7jq4J2qhcUqY3kqp b/qNCKlJ25mSlnCcVLYR8iDkLxfLwa7dToCViacnLg2dd7T1l0OhLgbBY1ENHIuw jvwE3vVz4HPHhk8ArybWvaOepP+cPdPB4fcX5DkatEfI2raCr18yebZ+AfI7/e/v WtlwLUcG/GxOIQe/PpTF6Y5cRimV62u/Fk3FXZYJnFt2dk+zw9OTzrasZg/RrTVT UEaMPZXt8AfAVEUNRh2KA1NgFhyvuLIkexSPmmuJ5dxgJ2JmB2OoLF+pNNT5xH4L bTYuIGt39nuLT8wv9vyovoMuDG6mP8JF0b4LW/2XEfBTPq9LfDlEtmZUqlDhYG2I FlqP1iN0O1B0X9hG6+fnD+aEga8nx060wNxsioUD2bNmJ6lqYeq8Jj0hIdsjYTAU xwrWP8UdUfC7GU9oun1Y =PeQa -----END PGP SIGNATURE----- __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
