Re: [openstack-dev] [Barbican] Nominating Juan Antonio Osorio Robles for barbican-core

2014-11-05 Thread Jarret Raim
+1 for me. From: Douglas Mendizabal douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com Reply-To: OpenStack List openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Wednesday, November 5, 2014 at 4:53 PM To: OpenStack List

Re: [openstack-dev] [Barbican] Nominating Steve Heyman for barbican-core

2014-11-05 Thread Jarret Raim
+1 for me as well. From: Douglas Mendizabal douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com Reply-To: OpenStack List openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org Date: Wednesday, November 5, 2014 at 4:29 PM To: OpenStack List

[openstack-dev] [Barbican] PTL for Barbican

2014-09-25 Thread Jarret Raim
confident he is the right person to lead us through the Kilo cycle, graduation and the first public Cloud deployment of Barbican at Rackspace. Thanks, -- Jarret Raim @jarretraim smime.p7s Description: S/MIME cryptographic signature ___ OpenStack-dev

Re: [openstack-dev] [barbican] Nominating Nathan Reller for barbican-core

2014-07-11 Thread Jarret Raim
+1 for me. Jarret From: Douglas Mendizabal douglas.mendiza...@rackspace.com Reply-To: OpenStack List openstack-dev@lists.openstack.org Date: Thursday, July 10, 2014 at 12:11 PM To: OpenStack List openstack-dev@lists.openstack.org, Nate Reller rellerrel...@yahoo.com Subject: [openstack-dev]

Re: [openstack-dev] [barbican] Nominating Ade Lee for barbican-core

2014-07-11 Thread Jarret Raim
+1 for me as well. Jarret From: Douglas Mendizabal douglas.mendiza...@rackspace.com Reply-To: OpenStack List openstack-dev@lists.openstack.org Date: Thursday, July 10, 2014 at 11:55 AM To: OpenStack List openstack-dev@lists.openstack.org, a...@redhat.com a...@redhat.com Subject:

[openstack-dev] Barbican Meeting CANCELLED

2014-07-07 Thread Jarret Raim
All, This week is Barbican's mid-cycle meet up. As many of our contributors are in San Antonio this week, I'm going to cancel our weekly meeting today. Several of us are still on IRC, so if you need something from us, feel free to pop into #openstack-barbican and ask. The etherpad being used

[openstack-dev] [Barbican][OSSG][Keystone] Mid-Cycle Meetup

2014-05-22 Thread Jarret Raim
person interested in going to the Keystone sessions or vice versa. Once we get a rough head count estimate, Dolph and I can work on getting everything booked. Thanks, -- Jarret Raim @jarretraim smime.p7s Description: S/MIME cryptographic signature

Re: [openstack-dev] [Barbican] Meeting time moving?

2014-05-20 Thread Jarret Raim
We have not changed anything as of yet. The goal was to see if we could find some times that work for Jamie, but I haven't done it yet. I'll post something this week and we'll see if there is consensus. Thanks, -- Jarret Raim @jarretraim On 5/20/14, 9:22 AM, Clark, Robert Graham robert.cl

[openstack-dev] [Barbican] Today's Meeting Cancelled

2014-05-19 Thread Jarret Raim
to discuss. Thanks! -- Jarret Raim @jarretraim smime.p7s Description: S/MIME cryptographic signature ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [keystone] [barbican] Protecting user specific secrets in Barbican

2014-05-15 Thread Jarret Raim
So let me try to summarize our conversations from yesterday. === Use Case === Assume we have a Domain D which contains a large number of individual users. Each user in the domain creates a public / private key. This key pair is later used to establish authentication to services, some not from

Re: [openstack-dev] [keystone] [barbican] Protecting user specific secrets in Barbican

2014-05-15 Thread Jarret Raim
to solve the stated use case? Arvind - does this work for you? Thanks, Jarret From: Jarret Raim jarret.r...@rackspace.com Reply-To: OpenStack List openstack-dev@lists.openstack.org Date: Thursday, May 15, 2014 at 11:40 AM To: OpenStack List openstack-dev@lists.openstack.org Cc: Chan, Tim

Re: [openstack-dev] HEEEELP please..How can use Openstack 's APIs in Javascript/Ajax??

2014-05-07 Thread Jarret Raim
for OpenStack and may be able to better answer you question. You can direct a message to them by including [Horizon] in the subject of your email. Thanks! -- Jarret Raim @jarretraim From: Hachem Chraiti hachem...@gmail.com Reply-To: OpenStack List openstack-dev@lists.openstack.org Date: Wednesday

Re: [openstack-dev] [Neutron] SSL VPN Implemenatation

2014-05-01 Thread Jarret Raim
Zang mentioned that part of the issue is that the private key has to be stored in the OpenVPN config file. If the config files are generated and can be stored, then storing the whole config file in Barbican protects the private key (and any other settings) without having to try to deliver the key

Re: [openstack-dev] [Neutron] SSL VPN Implemenatation

2014-04-30 Thread Jarret Raim
As the PTL for Barbican, I¹m happy to discuss this more here or at the Summit. Not sure if this is an option, but could you store the entire OpenVPN config file in Barbican rather than just the key? Not sure if you are generating those on demand or not, but we¹ve had several teams inside

[openstack-dev] Barbican PTL Candidacy

2014-03-31 Thread Jarret Raim
I'd like to throw my name in for PTL for the Key Management Program which includes the Barbican, python-barbicanclient and Kite projects. I've been working on Barbican since the first line of code was committed and was responsible for building the team and desire at Rackspace to start the

Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Jarret Raim
#1) do we believe OFTC is fundamentally better equipped to resist a DDOS, or do we just believe they are a smaller target? The ongoing DDOS on meetup.com the past 2 weeks is a good indicator that being a smaller fish only helps for so long. It seems like we would need a answer to this question.

[openstack-dev] [barbican] Meeting Today

2014-02-10 Thread Jarret Raim
All, Barbican will be having our weekly meeting in #openstack-meeting-alt in 30 minutes at 2:00pm Central, 2000 UTC. On the list today is a quick discussion covering the status of the Barbican incubation request. We may also discuss the asymmetric work going on and possibly an update on Dogtag

Re: [openstack-dev] Barbican Incubation Review

2014-02-04 Thread Jarret Raim
I spun one up here https://etherpad.openstack.org/p/GFoJ4LpK8A Most of the questions are on our incubation wiki, but I answered each of the issues from the page you linked. Thanks, -- Jarret Raim @jarretraim On 2/4/14, 7:45 AM, Thierry Carrez thie...@openstack.org wrote: Jarret Raim

Re: [openstack-dev] Speaking at PyCON US 2014 about OpenStack?

2014-01-30 Thread Jarret Raim
Paul Kehrer and I are talking about the state of crypto in Python. The talk isn't specifically about OpenStack, but we will be talking about various OpenStack related issues including the Barbican service. Thanks, Jarret On 1/30/14, 11:05 AM, Anita Kuno ante...@anteaya.info wrote: On

[openstack-dev] Barbican Incubation Review

2014-01-29 Thread Jarret Raim
area for that work can be found here: http://docs.cloudkeep.io/barbican-devguide/content/preface.html The team hangs out in the #openstack-barbican channel on freenode. If you want to talk, stop on by. Thanks, Jarret Raim smime.p7s Description: S/MIME cryptographic signature

Re: [openstack-dev] [Nova] [Barbican] nova-cert information

2014-01-29 Thread Jarret Raim
We are currently hammering out the blueprints for asymmetric key support (both for escrow and generation). Happy to talk more about your use case if you are interested. We can do it over email or you can hop into #openstack-barbican on Freenode and talk to the team there. Thanks, Jarret From:

Re: [openstack-dev] [Barbican] New developer is coming

2014-01-29 Thread Jarret Raim
Thanks Adam. The guys working on this are hdegikli and reaperhulk. The easiest way to fine them is in #openstack-barbican. I'll cc reaperhulk on this so you have his email. I don't think I have hdegikli's email. Thanks, Jarret From: Александра Безбородова bezborodov...@gmail.com Reply-To:

Re: [openstack-dev] Barbican Incubation Review

2014-01-29 Thread Jarret Raim
On 1/29/14, 4:21 PM, Justin Santa Barbara jus...@fathomdb.com wrote: * the API for asymmetric keys (i.e. keys with a public and private part) has not yet been fleshed out That's correct. We are working with folks from HP and others on the blueprints to implement asymmetric support. Our hope is

Re: [openstack-dev] Diversity as a requirement for incubation

2013-12-18 Thread Jarret Raim
-Original Message- From: Sylvain Bauza [mailto:sylvain.ba...@bull.net] Sent: Wednesday, December 18, 2013 5:04 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] Diversity as a requirement for incubation Le 18/12/2013 11:40, Thierry

Re: [openstack-dev] Diversity as a requirement for incubation

2013-12-18 Thread Jarret Raim
It is a difficult thing to measure, and I don't think the intent is to set a hard % for contributions. I think the numbers for Barbican were just illustrating the fact that the concrete contributions are very coming very heavily from one source. That's only one data point, though, and as

Re: [openstack-dev] Incubation Request for Barbican

2013-12-18 Thread Jarret Raim
-Original Message- From: Steven Dake [mailto:sd...@redhat.com] In this particular case, I believe Barbican is not ready for incubation because of their dependence on celery, but ultimately I don't make the decision :) We've landed the PR that removes celery and replaces it with

Re: [openstack-dev] Incubation Request for Barbican

2013-12-17 Thread Jarret Raim
On 12/13/13, 7:56 AM, Russell Bryant rbry...@redhat.com wrote: 1) Are each of the items you mention big enough to have a sustainable team that can exist as its own program? The answer here for Barbican and Keystone is yes. 2) Would there be a benefit of *changing* the scope and mission of the

Re: [openstack-dev] Incubation Request for Barbican

2013-12-17 Thread Jarret Raim
On 12/13/13, 4:50 AM, Thierry Carrez thie...@openstack.org wrote: If you remove Jenkins and attach Paul Kehrer, jqxin2006 (Michael Xin), Arash Ghoreyshi, Chad Lung and Steven Gonzales to Rackspace, then the picture is: 67% of commits come from a single person (John Wood) 96% of commits come

[openstack-dev] [barbican] Meeting Today at 20:00 UTC (2 Central)

2013-12-12 Thread Jarret Raim
The barbican meeting today will cover our progress on the incubation issues brought up by the TC, test planning and any other issues. If you are interested in barbican and have questions, stop on by #openstack-meeting-alt in 20 minutes. Thanks, -- Jarret Raim @jarretraim smime.p7s

Re: [openstack-dev] Incubation Request for Barbican

2013-12-10 Thread Jarret Raim
I'd like to look at keeping things simple when they can be simple. I need to understand why there¹s already a key distribution service under keystone? https://review.openstack.org/#/c/40692/18/openstack-identity-api/v3/src/ma rkdown/identity-api-v3-os-kds-ext.md I¹ve said before that I think

[openstack-dev] [Barbican] IRC Meeting Today at 2 Central (2000 UTC)

2013-12-05 Thread Jarret Raim
Barbican is having our official IRC meeting in #openstack-meeting-alt today at 2 central or 2000 UTC. The main topic of conversation will be the tasks / comments that came up from our incubation request. We welcome anyone with additional questions or comments to come join us. Thanks, Jarret

Re: [openstack-dev] [openstack-tc] Incubation Request for Barbican

2013-12-04 Thread Jarret Raim
I think this conversation has gotten away from our incubation request and into an argument about what makes a good library and when and how projects should choose between oslo and other options. I¹m happy to have the second one in another thread, but that seems like a longer conversation

Re: [openstack-dev] Incubation Request for Barbican

2013-12-04 Thread Jarret Raim
While I am all for adding a new program, I think we should only add one if we rule out all existing programs as a home. With that in mind why not add this to the keystone program? Perhaps that may require a tweak to keystones mission statement, but that is doable. I saw a partial answer

Re: [openstack-dev] Incubation Request for Barbican

2013-12-03 Thread Jarret Raim
With the introduction of programs (think: official teams), all incubated/integrated projects must belong to an official program... So when a project applies for incubation but is not part of an official program yet, it de-facto also applies to be considered a program. Ahh, understood. So I guess

Re: [openstack-dev] [openstack-tc] Incubation Request for Barbican

2013-12-03 Thread Jarret Raim
I think there's something else you should take under consideration. Oslo messaging is not just an OpenStack library. It's the RPC library that all projects are relying on and one of the strong goals we have in OpenStack is to reduce code and efforts duplications. We'd love to have more people

Re: [openstack-dev] [openstack-tc] Incubation Request for Barbican

2013-12-03 Thread Jarret Raim
The API and developer documentation is at http://docs.openstack.org/developer/oslo.messaging/ This is great, thanks for the link. Would there be any objections to adding this to the github repo and the openstack wiki pages? I spent a bunch of time looking and wasn¹t able to turn this up.

[openstack-dev] Incubation Request for Barbican

2013-12-02 Thread Jarret Raim
-barbican and you can contact us using the barbi...@lists.rackspace.com mailing list if desired. Thanks, Jarret Raim |Security Intrapreneur - 5000 Walzem RoadOffice: 210.312.3121 San Antonio, TX 78218

Re: [openstack-dev] Incubation Request for Barbican

2013-12-02 Thread Jarret Raim
shortlog -s -e | sort -n -r 172 John Wood john.w...@rackspace.com 150 jfwood john.w...@rackspace.com 65 Douglas Mendizabal douglas.mendiza...@rackspace.com 39 Jarret Raim jarret.r...@rackspace.com 17 Malini K. Bhandaru malini.k.bhand...@intel.com 10 Paul Kehrer paul.l.keh...@gmail.com

Re: [openstack-dev] [openstack-tc] Incubation Request for Barbican

2013-12-02 Thread Jarret Raim
* Process ** Project must be hosted under stackforge (and therefore use git as its VCS) I see that barbican is now on stackforge, but python-barbicanclient is still on github. Is that being moved soon? ** Project must obey OpenStack coordinated project interface (such as tox,

Re: [openstack-dev] Incubation Request for Barbican

2013-12-02 Thread Jarret Raim
Uses tox, but not pbr or global requirements I added a ŒTasks¹ section for stuff we need to do from this review and I¹ve added these tasks. [4] [4] https://wiki.openstack.org/wiki/Barbican/Incubation Awesome. Also, if you don't mind - we should add testr to that list. We're looking at

Re: [openstack-dev] [openstack-tc] Incubation Request for Barbican

2013-12-02 Thread Jarret Raim
There are two big parts to this, I think. One is techincal - a significant portion of OpenStack deployments will not work with this because Celery does not work with their deployed messaging architecture. See another reply in this thread for an example of someone that sees the inability

Re: [openstack-dev] [openstack-tc] Incubation Request for Barbican

2013-12-02 Thread Jarret Raim
I've been anxious to try out Barbican, but haven't had quite enough time to try it yet. But finding out it won't work with Qpid makes it unworkable for us at the moment. I think a large swath of the OpenStack community won't be able to use it in this form too. As mentioned in the other

Re: [openstack-dev] [Keystone][Oslo] Future of Key Distribution Server, Trusted Messaging

2013-12-01 Thread Jarret Raim
I also don't like that the discussions suggested that because it would be hard to get Barbican incubated/integrated it should not be used. That is just crazy talk. TripleO merged with Tuskar because Tuskar is part of deployment. We are completing our incubation request for Barbican right now.

Re: [openstack-dev] [Keystone][Oslo] Future of Key Distribution Server, Trusted Messaging

2013-11-22 Thread Jarret Raim
at 20:08 +, Jarret Raim wrote: The Barbican team has been taking a look at the KDS feature and the proposed patch and I think this may be better placed in Barbican rather than Keystone. The patch, from what I can tell, seems to require that a service account create use a key under its own

Re: [openstack-dev] [Keystone][Oslo] Future of Key Distribution Server, Trusted Messaging

2013-11-21 Thread Jarret Raim
The Barbican team has been taking a look at the KDS feature and the proposed patch and I think this may be better placed in Barbican rather than Keystone. The patch, from what I can tell, seems to require that a service account create use a key under its own tenant. In this use case, Barbican can

Re: [openstack-dev] [barbican] re: Is barbican suitable/ready for production deployment?

2013-09-26 Thread Jarret Raim
A little more detail. We cut our feature complete release along with everyone else for Havana M3. We are currently standing up the production environments for the code. So, we believe that the codebase is pretty stable, but it has not been run in production yet. As John said, we're happy to

Re: [openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes

2013-09-09 Thread Jarret Raim
introduce another moving part. Thanks, Jarret Raim ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [keystone] [oslo] postpone key distribution bp until icehouse?

2013-08-21 Thread Jarret Raim
Dolph Mathews wrote: With regard to: https://blueprints.launchpad.net/keystone/+spec/key-distribution-server [...] Dolph: you don't mention Barbican at all, does that mean that the issue is settled and the KDS should live in keystone ? Dolph and I talked about having a design session to

Re: [openstack-dev] [barbican]

2013-07-24 Thread Jarret Raim
into their applications. Now if we can just get HSM vendors to install Barbican on their devices, maybe we'd have something :) Thanks, Jarret Regards, Arvind From: Jarret Raim [mailto:jarret.r...@rackspace.com] Sent: Monday, July 22, 2013 2:38 PM To: OpenStack Development Mailing

Re: [openstack-dev] KMIP client for volume encryption key management

2013-07-24 Thread Jarret Raim
features that barbican provides. I will take a look at the barbican architecture and join discussions there. Thanks, we'd love the help. Jarret Thanks, Bill From: Jarret Raim [mailto:jarret.r...@rackspace.com] Sent: Friday, July 19, 2013 9:46 AM To: OpenStack Development Mailing List

Re: [openstack-dev] [barbican]

2013-07-22 Thread Jarret Raim
I'm the product owner for Barbican at Rackspace. I'll take a shot an answering your questions. 1. What is the state of the project, is it in the state where it can be utilized in production deployments? We currently in active development and pushing for our 1.0 release for Havana. As to

Re: [openstack-dev] KMIP client for volume encryption key management

2013-07-19 Thread Jarret Raim
I'm not sure that I agree with this direction. In our investigation, KMIP is a problematic protocol for several reasons: * We haven't found an implementation of KMIP for Python. (Let us know if there is one!) * Support for KMIP by HSM vendors is limited. * We haven't found software

Re: [openstack-dev] Move keypair management out of Nova and into Keystone?

2013-07-02 Thread Jarret Raim
I've spent some time thinking about how Barbican (Key Management) can help in this workflow. We will have the ability to generate SSH keys (and a host of other key certificate types). This is backed by cryptographically sound code and we've spent some time figuring out the entropy problem and

Re: [openstack-dev] Move keypair management out of Nova and into Keystone?

2013-07-02 Thread Jarret Raim
the keys yourself, than that seems fine. On 7/2/13 9:07 AM, Jay Pipes jaypi...@gmail.com wrote: On 07/02/2013 09:49 AM, Jarret Raim wrote: I've spent some time thinking about how Barbican (Key Management) can help in this workflow. We will have the ability to generate SSH keys (and a host

Re: [openstack-dev] Move keypair management out of Nova and into Keystone?

2013-07-02 Thread Jarret Raim
On 7/2/13 12:43 PM, Simo Sorce s...@redhat.com wrote: On Tue, 2013-07-02 at 16:55 +, Tiwari, Arvind wrote: Hi Simo, I am lost. Does Barbican is product came out of https://wiki.openstack.org/wiki/KeyManager BP? Yes Barbican is an implementation of this Blueprint afaik. Barbican is