Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-22 Thread Adam Harwell
I have been a fan of this from the very beginning of the project as well. I
think oslo is the obvious correct place for a library that should define
core interfaces for use by many openstack projects.

Also, whether you have seen it or not, I have *definitely* seen real
instances where people shied away from using castellan or contributing to
it because it seemed "no different than just barbican, created and owned by
the same people". That was never the goal, and though it's difficult to
point to specific instances, there were many times during discussions that
I thought explaining it was part of oslo would have totally changed the
tone and direction of the conversation.

The naming of things is no joke -- there is significant psychological
emphasis given to the "name of a thing" that can be seen in many cultures
all through literature and tradition. Some of you may think of this as a
meaningless gesture, but I am personally very sure it is not.

+1 from me as an interested user/contributor. Personally I'd go in for the
complete rename to oslo.keymanager, but just oslo is a good start.

--Adam Harwell

On Wed, Mar 22, 2017, 00:34 Flavio Percoco  wrote:

> On 16/03/17 12:43 -0400, Davanum Srinivas wrote:
> >+1 from me to bring castellan under Oslo governance with folks from
> >both oslo and Barbican as reviewers without a project rename. Let's
> >see if that helps get more adoption of castellan
>
> This sounds like a great path forward! +1
>
> Flavio
>
> >Thanks,
> >Dims
> >
> >On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
> > wrote:
> >> This thread has generated quite the discussion, so I will try to
> >> address a few points in this email, echoing a lot of what Dave said.
> >>
> >> Clint originally explained what we are trying to solve very well. The hope was
> >> that the rename would emphasize that Castellan is just a basic
> >> interface that supports operations common between key managers
> >> (the existing Barbican back end and other back ends that may exist
> >> in the future), much like oslo.db supports the common operations
> >> between PostgreSQL and MySQL. The thought was that renaming to have
> >> oslo part of the name would help reinforce that it's just an interface,
> >> rather than a standalone key manager. Right now, the only Castellan
> >> back end that would work in DevStack is Barbican. There has been talk
> >> in the past for creating other Castellan back ends (Vault or Tang), but
> >> no one has committed to writing the code for those yet.
> >>
> >> The intended proposal was to rename the project, maintain the current
> >> review team (which is only a handful of Barbican people), and bring on
> >> a few Oslo folks, if any were available and interested, to give advice
> >> about (and +2s for) OpenStack library best practices. However, perhaps
> >> pulling it under oslo's umbrella without a rename is blessing it enough.
> >>
> >> In response to Julien's proposal to make Castellan "the way you can do
> >> key management in Python" -- it would be great if Castellan were that
> >> abstract, but in practice it is pretty OpenStack-specific. Currently,
> >> the Barbican team is great at working on key management projects
> >> (including both Barbican and Castellan), but a lot of our focus now is
> >> how we can maintain and grow integration with the rest of the OpenStack
> >> projects, for which having the name and expertise of oslo would be a
> >> great help.
> >>
> >> Thanks,
> >>
> >> Kaitlin
> >>
> __
> >> OpenStack Development Mailing List (not for usage questions)
> >> Unsubscribe:
> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> >--
> >Davanum Srinivas :: https://twitter.com/dims
> >
>
> --
> @flaper87
> Flavio Percoco
>


Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-21 Thread Flavio Percoco

On 16/03/17 12:43 -0400, Davanum Srinivas wrote:
>+1 from me to bring castellan under Oslo governance with folks from
>both oslo and Barbican as reviewers without a project rename. Let's
>see if that helps get more adoption of castellan

This sounds like a great path forward! +1

Flavio

>Thanks,
>Dims
>
>On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
> wrote:
>> This thread has generated quite the discussion, so I will try to
>> address a few points in this email, echoing a lot of what Dave said.
>>
>> Clint originally explained what we are trying to solve very well. The hope was
>> that the rename would emphasize that Castellan is just a basic
>> interface that supports operations common between key managers
>> (the existing Barbican back end and other back ends that may exist
>> in the future), much like oslo.db supports the common operations
>> between PostgreSQL and MySQL. The thought was that renaming to have
>> oslo part of the name would help reinforce that it's just an interface,
>> rather than a standalone key manager. Right now, the only Castellan
>> back end that would work in DevStack is Barbican. There has been talk
>> in the past for creating other Castellan back ends (Vault or Tang), but
>> no one has committed to writing the code for those yet.
>>
>> The intended proposal was to rename the project, maintain the current
>> review team (which is only a handful of Barbican people), and bring on
>> a few Oslo folks, if any were available and interested, to give advice
>> about (and +2s for) OpenStack library best practices. However, perhaps
>> pulling it under oslo's umbrella without a rename is blessing it enough.
>>
>> In response to Julien's proposal to make Castellan "the way you can do
>> key management in Python" -- it would be great if Castellan were that
>> abstract, but in practice it is pretty OpenStack-specific. Currently,
>> the Barbican team is great at working on key management projects
>> (including both Barbican and Castellan), but a lot of our focus now is
>> how we can maintain and grow integration with the rest of the OpenStack
>> projects, for which having the name and expertise of oslo would be a
>> great help.
>>
>> Thanks,
>>
>> Kaitlin
>--
>Davanum Srinivas :: https://twitter.com/dims



--
@flaper87
Flavio Percoco




Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-20 Thread Morgan Fainberg
On Mon, Mar 20, 2017 at 12:23 PM, Dave McCowan (dmccowan)
 wrote:
> +1 from me.  That looks easy to implement and maintain.
>
> On 3/20/17, 2:49 PM, "Davanum Srinivas"  wrote:
>
>>Dave,
>>
>>Here's the precedent from oslo.policy:
>>https://review.openstack.org/#/admin/groups/556,members
>>
>>The reason for setting it up this way with individuals + oslo core +
>>keystone core is to make sure both core teams are involved in the
>>review process and any future contributors who are not part of either
>>team can be given core rights in oslo.policy.
>>
>>Is it ok to continue this model?
>>
>>Thanks,
>>Dims
>>
>>On Mon, Mar 20, 2017 at 9:20 AM, Dave McCowan (dmccowan)
>> wrote:
>>> This sounds good to me.  I see it as a "promotion" for Castellan into the
>>> core of OpenStack.  I think a good first step in this direction is to
>>> create a castellan-drivers team in Launchpad and a castellan-core team in
>>> Gerrit.  We can seed the list with Barbican core reviewers and any Oslo
>>> volunteers.
>>>
>>> The Barbican/Castellan weekly IRC meeting is today at 2000UTC in
>>> #openstack-meeting-alt, if anyone wants to join to discuss.
>>>
>>> Thanks!
>>> dave-mccowan
>>>
>>> On 3/16/17, 12:43 PM, "Davanum Srinivas"  wrote:
>>>
>>>>+1 from me to bring castellan under Oslo governance with folks from
>>>>both oslo and Barbican as reviewers without a project rename. Let's
>>>>see if that helps get more adoption of castellan
>>>>
>>>>Thanks,
>>>>Dims
>>>>
>>>>On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
>>>> wrote:
>>>>> This thread has generated quite the discussion, so I will try to
>>>>> address a few points in this email, echoing a lot of what Dave said.
>>>>>
>>>>> Clint originally explained what we are trying to solve very well. The hope was
>>>>> that the rename would emphasize that Castellan is just a basic
>>>>> interface that supports operations common between key managers
>>>>> (the existing Barbican back end and other back ends that may exist
>>>>> in the future), much like oslo.db supports the common operations
>>>>> between PostgreSQL and MySQL. The thought was that renaming to have
>>>>> oslo part of the name would help reinforce that it's just an interface,
>>>>> rather than a standalone key manager. Right now, the only Castellan
>>>>> back end that would work in DevStack is Barbican. There has been talk
>>>>> in the past for creating other Castellan back ends (Vault or Tang), but
>>>>> no one has committed to writing the code for those yet.
>>>>>
>>>>> The intended proposal was to rename the project, maintain the current
>>>>> review team (which is only a handful of Barbican people), and bring on
>>>>> a few Oslo folks, if any were available and interested, to give advice
>>>>> about (and +2s for) OpenStack library best practices. However, perhaps
>>>>> pulling it under oslo's umbrella without a rename is blessing it enough.
>>>>>
>>>>> In response to Julien's proposal to make Castellan "the way you can do
>>>>> key management in Python" -- it would be great if Castellan were that
>>>>> abstract, but in practice it is pretty OpenStack-specific. Currently,
>>>>> the Barbican team is great at working on key management projects
>>>>> (including both Barbican and Castellan), but a lot of our focus now is
>>>>> how we can maintain and grow integration with the rest of the OpenStack
>>>>> projects, for which having the name and expertise of oslo would be a
>>>>> great help.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Kaitlin
>>>>>



>>>>--
>>>>Davanum Srinivas :: https://twitter.com/dims


>>>
>>>
>>>
>>
>>
>>
>>--
>>Davanum Srinivas :: https://twitter.com/dims
>>
>
>
> 

Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-20 Thread Dave McCowan (dmccowan)
+1 from me.  That looks easy to implement and maintain.

On 3/20/17, 2:49 PM, "Davanum Srinivas"  wrote:

>Dave,
>
>Here's the precedent from oslo.policy:
>https://review.openstack.org/#/admin/groups/556,members
>
>The reason for setting it up this way with individuals + oslo core +
>keystone core is to make sure both core teams are involved in the
>review process and any future contributors who are not part of either
>team can be given core rights in oslo.policy.
>
>Is it ok to continue this model?
>
>Thanks,
>Dims
>
>On Mon, Mar 20, 2017 at 9:20 AM, Dave McCowan (dmccowan)
> wrote:
>> This sounds good to me.  I see it as a "promotion" for Castellan into the
>> core of OpenStack.  I think a good first step in this direction is to
>> create a castellan-drivers team in Launchpad and a castellan-core team in
>> Gerrit.  We can seed the list with Barbican core reviewers and any Oslo
>> volunteers.
>>
>> The Barbican/Castellan weekly IRC meeting is today at 2000UTC in
>> #openstack-meeting-alt, if anyone wants to join to discuss.
>>
>> Thanks!
>> dave-mccowan
>>
>> On 3/16/17, 12:43 PM, "Davanum Srinivas"  wrote:
>>
>>>+1 from me to bring castellan under Oslo governance with folks from
>>>both oslo and Barbican as reviewers without a project rename. Let's
>>>see if that helps get more adoption of castellan
>>>
>>>Thanks,
>>>Dims
>>>
>>>On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
>>> wrote:
>>>> This thread has generated quite the discussion, so I will try to
>>>> address a few points in this email, echoing a lot of what Dave said.
>>>>
>>>> Clint originally explained what we are trying to solve very well. The hope was
>>>> that the rename would emphasize that Castellan is just a basic
>>>> interface that supports operations common between key managers
>>>> (the existing Barbican back end and other back ends that may exist
>>>> in the future), much like oslo.db supports the common operations
>>>> between PostgreSQL and MySQL. The thought was that renaming to have
>>>> oslo part of the name would help reinforce that it's just an interface,
>>>> rather than a standalone key manager. Right now, the only Castellan
>>>> back end that would work in DevStack is Barbican. There has been talk
>>>> in the past for creating other Castellan back ends (Vault or Tang), but
>>>> no one has committed to writing the code for those yet.
>>>>
>>>> The intended proposal was to rename the project, maintain the current
>>>> review team (which is only a handful of Barbican people), and bring on
>>>> a few Oslo folks, if any were available and interested, to give advice
>>>> about (and +2s for) OpenStack library best practices. However, perhaps
>>>> pulling it under oslo's umbrella without a rename is blessing it enough.
>>>>
>>>> In response to Julien's proposal to make Castellan "the way you can do
>>>> key management in Python" -- it would be great if Castellan were that
>>>> abstract, but in practice it is pretty OpenStack-specific. Currently,
>>>> the Barbican team is great at working on key management projects
>>>> (including both Barbican and Castellan), but a lot of our focus now is
>>>> how we can maintain and grow integration with the rest of the OpenStack
>>>> projects, for which having the name and expertise of oslo would be a
>>>> great help.
>>>>
>>>> Thanks,
>>>>
>>>> Kaitlin
>>>>
>>>
>>>
>>>
>>>--
>>>Davanum Srinivas :: https://twitter.com/dims
>>>
>>>
>>
>>
>> 
>
>
>
>-- 
>Davanum Srinivas :: https://twitter.com/dims
>



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-20 Thread Davanum Srinivas
Dave,

Here's the precedent from oslo.policy:
https://review.openstack.org/#/admin/groups/556,members

The reason for setting it up this way with individuals + oslo core +
keystone core is to make sure both core teams are involved in the
review process and any future contributors who are not part of either
team can be given core rights in oslo.policy.

Is it ok to continue this model?

Thanks,
Dims

On Mon, Mar 20, 2017 at 9:20 AM, Dave McCowan (dmccowan)
 wrote:
> This sounds good to me.  I see it as a "promotion" for Castellan into the
> core of OpenStack.  I think a good first step in this direction is to
> create a castellan-drivers team in Launchpad and a castellan-core team in
> Gerrit.  We can seed the list with Barbican core reviewers and any Oslo
> volunteers.
>
> The Barbican/Castellan weekly IRC meeting is today at 2000UTC in
> #openstack-meeting-alt, if anyone wants to join to discuss.
>
> Thanks!
> dave-mccowan
>
> On 3/16/17, 12:43 PM, "Davanum Srinivas"  wrote:
>
>>+1 from me to bring castellan under Oslo governance with folks from
>>both oslo and Barbican as reviewers without a project rename. Let's
>>see if that helps get more adoption of castellan
>>
>>Thanks,
>>Dims
>>
>>On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
>> wrote:
>>> This thread has generated quite the discussion, so I will try to
>>> address a few points in this email, echoing a lot of what Dave said.
>>>
>>> Clint originally explained what we are trying to solve very well. The hope was
>>> that the rename would emphasize that Castellan is just a basic
>>> interface that supports operations common between key managers
>>> (the existing Barbican back end and other back ends that may exist
>>> in the future), much like oslo.db supports the common operations
>>> between PostgreSQL and MySQL. The thought was that renaming to have
>>> oslo part of the name would help reinforce that it's just an interface,
>>> rather than a standalone key manager. Right now, the only Castellan
>>> back end that would work in DevStack is Barbican. There has been talk
>>> in the past for creating other Castellan back ends (Vault or Tang), but
>>> no one has committed to writing the code for those yet.
>>>
>>> The intended proposal was to rename the project, maintain the current
>>> review team (which is only a handful of Barbican people), and bring on
>>> a few Oslo folks, if any were available and interested, to give advice
>>> about (and +2s for) OpenStack library best practices. However, perhaps
>>> pulling it under oslo's umbrella without a rename is blessing it enough.
>>>
>>> In response to Julien's proposal to make Castellan "the way you can do
>>> key management in Python" -- it would be great if Castellan were that
>>> abstract, but in practice it is pretty OpenStack-specific. Currently,
>>> the Barbican team is great at working on key management projects
>>> (including both Barbican and Castellan), but a lot of our focus now is
>>> how we can maintain and grow integration with the rest of the OpenStack
>>> projects, for which having the name and expertise of oslo would be a
>>> great help.
>>>
>>> Thanks,
>>>
>>> Kaitlin
>>>
>>
>>
>>
>>--
>>Davanum Srinivas :: https://twitter.com/dims
>>
>
>



-- 
Davanum Srinivas :: https://twitter.com/dims



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-20 Thread Dave McCowan (dmccowan)
This sounds good to me.  I see it as a "promotion" for Castellan into the
core of OpenStack.  I think a good first step in this direction is to
create a castellan-drivers team in Launchpad and a castellan-core team in
Gerrit.  We can seed the list with Barbican core reviewers and any Oslo
volunteers.

The Barbican/Castellan weekly IRC meeting is today at 2000UTC in
#openstack-meeting-alt, if anyone wants to join to discuss.

Thanks!
dave-mccowan

On 3/16/17, 12:43 PM, "Davanum Srinivas"  wrote:

>+1 from me to bring castellan under Oslo governance with folks from
>both oslo and Barbican as reviewers without a project rename. Let's
>see if that helps get more adoption of castellan
>
>Thanks,
>Dims
>
>On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
> wrote:
>> This thread has generated quite the discussion, so I will try to
>> address a few points in this email, echoing a lot of what Dave said.
>>
>> Clint originally explained what we are trying to solve very well. The hope was
>> that the rename would emphasize that Castellan is just a basic
>> interface that supports operations common between key managers
>> (the existing Barbican back end and other back ends that may exist
>> in the future), much like oslo.db supports the common operations
>> between PostgreSQL and MySQL. The thought was that renaming to have
>> oslo part of the name would help reinforce that it's just an interface,
>> rather than a standalone key manager. Right now, the only Castellan
>> back end that would work in DevStack is Barbican. There has been talk
>> in the past for creating other Castellan back ends (Vault or Tang), but
>> no one has committed to writing the code for those yet.
>>
>> The intended proposal was to rename the project, maintain the current
>> review team (which is only a handful of Barbican people), and bring on
>> a few Oslo folks, if any were available and interested, to give advice
>> about (and +2s for) OpenStack library best practices. However, perhaps
>> pulling it under oslo's umbrella without a rename is blessing it enough.
>>
>> In response to Julien's proposal to make Castellan "the way you can do
>> key management in Python" -- it would be great if Castellan were that
>> abstract, but in practice it is pretty OpenStack-specific. Currently,
>> the Barbican team is great at working on key management projects
>> (including both Barbican and Castellan), but a lot of our focus now is
>> how we can maintain and grow integration with the rest of the OpenStack
>> projects, for which having the name and expertise of oslo would be a
>> great help.
>>
>> Thanks,
>>
>> Kaitlin
>> 
>
>
>
>-- 
>Davanum Srinivas :: https://twitter.com/dims
>




Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-16 Thread Joshua Harlow
I'd be fine with it also, not sure it will change much, but meh, worth a 
shot. We are all happy loving people after all, so might as well try to 
help others when we can :-P


-Josh

Davanum Srinivas wrote:
> +1 from me to bring castellan under Oslo governance with folks from
> both oslo and Barbican as reviewers without a project rename. Let's
> see if that helps get more adoption of castellan
>
> Thanks,
> Dims
>
> On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
>   wrote:
>> This thread has generated quite the discussion, so I will try to
>> address a few points in this email, echoing a lot of what Dave said.
>>
>> Clint originally explained what we are trying to solve very well. The hope was
>> that the rename would emphasize that Castellan is just a basic
>> interface that supports operations common between key managers
>> (the existing Barbican back end and other back ends that may exist
>> in the future), much like oslo.db supports the common operations
>> between PostgreSQL and MySQL. The thought was that renaming to have
>> oslo part of the name would help reinforce that it's just an interface,
>> rather than a standalone key manager. Right now, the only Castellan
>> back end that would work in DevStack is Barbican. There has been talk
>> in the past for creating other Castellan back ends (Vault or Tang), but
>> no one has committed to writing the code for those yet.
>>
>> The intended proposal was to rename the project, maintain the current
>> review team (which is only a handful of Barbican people), and bring on
>> a few Oslo folks, if any were available and interested, to give advice
>> about (and +2s for) OpenStack library best practices. However, perhaps
>> pulling it under oslo's umbrella without a rename is blessing it enough.
>>
>> In response to Julien's proposal to make Castellan "the way you can do
>> key management in Python" -- it would be great if Castellan were that
>> abstract, but in practice it is pretty OpenStack-specific. Currently,
>> the Barbican team is great at working on key management projects
>> (including both Barbican and Castellan), but a lot of our focus now is
>> how we can maintain and grow integration with the rest of the OpenStack
>> projects, for which having the name and expertise of oslo would be a
>> great help.
>>
>> Thanks,
>>
>> Kaitlin








Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-16 Thread Davanum Srinivas
+1 from me to bring castellan under Oslo governance with folks from
both oslo and Barbican as reviewers without a project rename. Let's
see if that helps get more adoption of castellan

Thanks,
Dims

On Thu, Mar 16, 2017 at 12:25 PM, Farr, Kaitlin M.
 wrote:
> This thread has generated quite the discussion, so I will try to
> address a few points in this email, echoing a lot of what Dave said.
>
> Clint originally explained what we are trying to solve very well. The hope was
> that the rename would emphasize that Castellan is just a basic
> interface that supports operations common between key managers
> (the existing Barbican back end and other back ends that may exist
> in the future), much like oslo.db supports the common operations
> between PostgreSQL and MySQL. The thought was that renaming to have
> oslo part of the name would help reinforce that it's just an interface,
> rather than a standalone key manager. Right now, the only Castellan
> back end that would work in DevStack is Barbican. There has been talk
> in the past for creating other Castellan back ends (Vault or Tang), but
> no one has committed to writing the code for those yet.
>
> The intended proposal was to rename the project, maintain the current
> review team (which is only a handful of Barbican people), and bring on
> a few Oslo folks, if any were available and interested, to give advice
> about (and +2s for) OpenStack library best practices. However, perhaps
> pulling it under oslo's umbrella without a rename is blessing it enough.
>
> In response to Julien's proposal to make Castellan "the way you can do
> key management in Python" -- it would be great if Castellan were that
> abstract, but in practice it is pretty OpenStack-specific. Currently,
> the Barbican team is great at working on key management projects
> (including both Barbican and Castellan), but a lot of our focus now is
> how we can maintain and grow integration with the rest of the OpenStack
> projects, for which having the name and expertise of oslo would be a
> great help.
>
> Thanks,
>
> Kaitlin



-- 
Davanum Srinivas :: https://twitter.com/dims



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-16 Thread Farr, Kaitlin M.
This thread has generated quite the discussion, so I will try to
address a few points in this email, echoing a lot of what Dave said.

Clint originally explained what we are trying to solve very well. The hope was
that the rename would emphasize that Castellan is just a basic
interface that supports operations common between key managers
(the existing Barbican back end and other back ends that may exist
in the future), much like oslo.db supports the common operations
between PostgreSQL and MySQL. The thought was that renaming to have
oslo part of the name would help reinforce that it's just an interface,
rather than a standalone key manager. Right now, the only Castellan
back end that would work in DevStack is Barbican. There has been talk
in the past for creating other Castellan back ends (Vault or Tang), but
no one has committed to writing the code for those yet.

The intended proposal was to rename the project, maintain the current
review team (which is only a handful of Barbican people), and bring on
a few Oslo folks, if any were available and interested, to give advice
about (and +2s for) OpenStack library best practices. However, perhaps
pulling it under oslo's umbrella without a rename is blessing it enough.

In response to Julien's proposal to make Castellan "the way you can do
key management in Python" -- it would be great if Castellan were that
abstract, but in practice it is pretty OpenStack-specific. Currently,
the Barbican team is great at working on key management projects
(including both Barbican and Castellan), but a lot of our focus now is
how we can maintain and grow integration with the rest of the OpenStack
projects, for which having the name and expertise of oslo would be a
great help.

Thanks,

Kaitlin


Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-16 Thread Thierry Carrez
Doug Hellmann wrote:
> Excerpts from Brant Knudson's message of 2017-03-15 10:27:49 -0500:
>> Can the Castellan team be broken out into a new project under the big tent
>> rather than having to go under oslo? Oslo as a catch-all made more sense
>> before the big tent. Also, I always thought part of the deal of moving
>> under oslo is that oslo core reviewers have +2 authority on the repos, but
>> it doesn't look like that's part of the proposal here which was a rename
>> and now is changing launchpad to make Castellan a subproject under oslo
>> (along with some documentation changes).
>>
>> - Brant
> 
> I assumed that bringing it into Oslo would involve adding the oslo-core
> team to whatever review team Castellan already has.

Yes, of course.

To me the main reason to bring it under Oslo is to make it a neutral
abstraction library, and position it as "the common OpenStack way to do
key management". Oslo is the umbrella for common libraries in OpenStack.

-- 
Thierry Carrez (ttx)



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-15 Thread Dave McCowan (dmccowan)


On 3/15/17, 6:51 AM, "Julien Danjou"  wrote:

>On Mon, Mar 13 2017, Clint Byrum wrote:
>
>> To me, Oslo is a bunch of libraries that encompass "the way OpenStack
>> does ". When  is key management, projects are, AFAICT, universally
>> using Castellan at the moment. So I think it fits in Oslo
>> conceptually.
>
>It would be cool if it could rather be "the way you can do XXX in
>Python" rather than being too much OpenStack centric. :)
>
>> As far as what benefit there is to renaming it, the biggest one is
>> divesting Castellan of the controversy around Barbican. There's no
>> disagreement that explicitly handling key management is necessary. There
>> is, however, still hesitance to fully adopt Barbican in that role. In
>> fact I heard about some alternatives to Barbican, namely "Vault"[1] and
>> "Tang"[2], that may be useful for subsets of the community, or could
>> even grow into de facto standards for key management.
>>
>> So, given that there may be other backends, and the developers would
>> like to embrace that, I see value in renaming. It would help, I think,
>> Castellan's developers to be able to focus on key management and not
>> have to explain to every potential user "no we're not Barbican's cousin,
>> we're just an abstraction..".
>
>I don't think the Castellan name is a problem in itself, because at
>least to me it does not sound like it's Barbican specific. I'd prefer it
>to be a Python generic library that supports an OpenStack project as one
>of its drivers. So I'd hate to have it named oslo.foobar.
>
>As far as moving it under the Oslo library, I understand that the point
>would be to make a point stating that this library is not a
>Barbican-specific solution etc. I think it addresses the problem in the
>wrong… but pragmatic way.
>
>What I think would be more interesting is to rename the _Barbican team_
>to the "People-who-work-on-keychain-stuff team". That team would build 2
>things, which are Barbican and Castellan (and maybe more later). That'd
>make more sense than trying to fit everything in Oslo, and would also
>help other projects to do the same thing in the future, and, maybe, one
>day, alleviate the whole problem.
>
>Other than that, sure, we can move it to Oslo I guess. :)

The Barbican community has always been the
"People-who-work-on-key-management-stuff" team.  We launched Castellan in
2015 with the explicit purpose of being a generic abstraction for key
managers.[1]  At that time, we envisioned developing a KMIP plugin to
connect directly to an HSM.  Currently, the interest level is higher
around a plugin for software based secure storage, such as Vault.
However, patches for additional plugins have not been forthcoming.

Castellan was designed from the ground up to be a generic abstraction, and
I, and the rest of the Barbican community, hope to see more driver
development for it.  If a change of name or governance helps, we're all
for it.  But, I hope everyone knows there is no push back from the
"People-who-work-on-key-management-stuff".  We welcome all contributions.

In addition, we want the Castellan library to be the go-to library for any
project that wants to add key management.  It is already used by Nova,
Cinder, Glance, Neutron, Octavia, and Magnum.  If a change in name or
governance helps other projects adopt Castellan, again, we're all for it.
In the meantime, we encourage and stand ready to help all adopters.

dave-mccowan
PTL, "People-who-work-on-key-management-stuff"

[1] https://wiki.openstack.org/wiki/Castellan





Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-15 Thread Brant Knudson
On Wed, Mar 15, 2017 at 5:18 AM, Thierry Carrez wrote:

> Julien Danjou wrote:
> > On Tue, Mar 14 2017, Clint Byrum wrote:
> >
> >> +1 for just pulling it under the oslo umbrella but not renaming it. As
> >> much as I like the uniformity oslo.keymanager would bring, I think it's
> >> already adopted well enough we just want to make it clear that it is
> >> blessed and ok to adopt.
> >
> > I don't even get why moving it under the Oslo umbrella is a win.
> >
> > What's the current problem people are trying to solve here?
>
> It's a governance problem. Basically if the abstraction layer is under
> the control of the same group as one of the drivers, it's not really an
> abstraction layer, and nobody will adopt it or develop another driver
> for it.
>
> See Clint's first answer in the thread for a more detailed explanation.
>
> --
> Thierry Carrez (ttx)
>
>
Can the Castellan team be broken out into a new project under the big tent
rather than having to go under oslo? Oslo as a catch-all made more sense
before the big tent. Also, I always thought part of the deal of moving
under oslo is that oslo core reviewers have +2 authority on the repos, but
it doesn't look like that's part of the proposal here which was a rename
and now is changing launchpad to make Castellan a subproject under oslo
(along with some documentation changes).

- Brant


Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-15 Thread Julien Danjou
On Mon, Mar 13 2017, Clint Byrum wrote:

> To me, Oslo is a bunch of libraries that encompass "the way OpenStack
> does ". When  is key management, projects are, AFAICT, universally
> using Castellan at the moment. So I think it fits in Oslo
> conceptually.

It would be cool if it could rather be "the way you can do XXX in
Python" rather than being too much OpenStack centric. :)

> As far as what benefit there is to renaming it, the biggest one is
> divesting Castellan of the controversy around Barbican. There's no
> disagreement that explicitly handling key management is necessary. There
> is, however, still hesitance to fully adopt Barbican in that role. In
> fact I heard about some alternatives to Barbican, namely "Vault"[1] and
> "Tang"[2], that may be useful for subsets of the community, or could
> even grow into de facto standards for key management.
>
> So, given that there may be other backends, and the developers would
> like to embrace that, I see value in renaming. It would help, I think,
> Castellan's developers to be able to focus on key management and not
> have to explain to every potential user "no we're not Barbican's cousin,
> we're just an abstraction..".

I don't think the Castellan name is a problem in itself, because at
least to me it does not sound like it's Barbican specific. I'd prefer it
to be a Python generic library that supports an OpenStack project as one
of its drivers. So I'd hate to have it named oslo.foobar.

As far as moving it under the Oslo library, I understand that the point
would be to make a point stating that this library is not a
Barbican-specific solution etc. I think it addresses the problem in the
wrong… but pragmatic way.

What I think would be more interesting is to rename the _Barbican team_
to the "People-who-work-on-keychain-stuff team". That team would build 2
things, which are Barbican and Castellan (and maybe more later). That'd
make more sense than trying to fit everything in Oslo, and would also
help other projects to do the same thing in the future, and, maybe, one
day, alleviate the whole problem.

Other than that, sure, we can move it to Oslo I guess. :)

My 2c,

-- 
Julien Danjou
/* Free Software hacker
   https://julien.danjou.info */




Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-15 Thread Julien Danjou
On Wed, Mar 15 2017, Thierry Carrez wrote:

> It's a governance problem. Basically if the abstraction layer is under
> the control of the same group as one of the drivers, it's not really an
> abstraction layer, and nobody will adopt it or develop another driver
> for it.

So we hope that by changing the governance it will change who and how
people contribute to a project?

That sounds far-fetched to me.

-- 
Julien Danjou
# Free Software hacker
# https://julien.danjou.info




Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-15 Thread Thierry Carrez
Julien Danjou wrote:
> On Tue, Mar 14 2017, Clint Byrum wrote:
> 
>> +1 for just pulling it under the oslo umbrella but not renaming it. As
>> much as I like the uniformity oslo.keymanager would bring, I think it's
>> already adopted well enough we just want to make it clear that it is
>> blessed and ok to adopt.
> 
> I don't even get why moving it under the Oslo umbrella is a win.
> 
> What's the current problem people are trying to solve here?

It's a governance problem. Basically if the abstraction layer is under
the control of the same group as one of the drivers, it's not really an
abstraction layer, and nobody will adopt it or develop another driver
for it.

See Clint's first answer in the thread for a more detailed explanation.

-- 
Thierry Carrez (ttx)





Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-15 Thread Julien Danjou
On Tue, Mar 14 2017, Clint Byrum wrote:

> +1 for just pulling it under the oslo umbrella but not renaming it. As
> much as I like the uniformity oslo.keymanager would bring, I think it's
> already adopted well enough we just want to make it clear that it is
> blessed and ok to adopt.

I don't even get why moving it under the Oslo umbrella is a win.

What's the current problem people are trying to solve here?

-- 
Julien Danjou
;; Free Software hacker
;; https://julien.danjou.info




Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-14 Thread Davanum Srinivas
On Tue, Mar 14, 2017 at 9:27 PM, Clint Byrum  wrote:
> Excerpts from Doug Hellmann's message of 2017-03-14 20:05:54 -0400:
>> Excerpts from Doug Hellmann's message of 2017-03-14 19:20:08 -0400:
>> > Excerpts from Clint Byrum's message of 2017-03-13 13:49:22 -0700:
>> > > Excerpts from Doug Hellmann's message of 2017-03-13 15:12:42 -0400:
>> > > > Excerpts from Farr, Kaitlin M.'s message of 2017-03-13 18:55:18 +:
>> > > > > Proposed library name: Rename Castellan to oslo.keymanager
>> > > > >
>> > > > > Proposed library mission/motivation: Castellan's goal is to provide a
>> > > > > generic key manager interface that projects can use for their key
>> > > > > manager needs, e.g., storing certificates or generating keys for
>> > > > > encrypting data.  The interface passes the commands and Keystone
>> > > > > credentials on to the configured back end. Castellan is not a service
>> > > > > and does not maintain state. The library can grow to have multiple
>> > > > > back ends, as long as the back end can authenticate Keystone
>> > > > > credentials.  The only two back end options now in Castellan are
>> > > > > Barbican and a limited mock key manager useful only for unit tests.
>> > > > > If someone wrote a Keystone auth plugin for Vault, we could also have a
>> > > > > Vault back end for Castellan.
>> > > > >
>> > > > > The benefit of using Castellan versus using Barbican directly
>> > > > > is Castellan allows the option of swapping out for other key managers,
>> > > > > mainly for testing.  If projects want their own custom back end for
>> > > > > Castellan, they can write a back end that implements the Castellan
>> > > > > interface but lives in their own code base, i.e., ConfKeyManager in
>> > > > > Nova and Cinder. Additionally, Castellan already has oslo.config
>> > > > > options defined which are helpful for configuring the project to talk
>> > > > > to Barbican.
>> > > > >
>> > > > > When the Barbican team first created the Castellan library, we had
>> > > > > reached out to oslo to see if we could name it oslo.keymanager, but the
>> > > > > idea was not accepted because the library didn't have enough traction.
>> > > > > Now, Castellan is used in many projects, and we thought we would
>> > > > > suggest renaming again.  At the PTG, the Barbican team met with the AWG
>> > > > > to discuss how we could get Barbican integrated with more projects, and
>> > > > > the rename was also suggested at that meeting.  Other projects are
>> > > > > interested in creating encryption features, and a rename will help
>> > > > > clarify the difference between Barbican and Castellan.
>> > > >
>> > > > Can you expand on why you think that is so? I'm not disagreeing with the
>> > > > statement, but it's not obviously true to me, either. I vaguely remember
>> > > > having it explained at the PTG, but I don't remember the details.
>> > > >
>> > >
>> > > To me, Oslo is a bunch of libraries that encompass "the way OpenStack
>> > > does ". When  is key management, projects are, AFAICT, universally
>> > > using Castellan at the moment. So I think it fits in Oslo conceptually.
>> > >
>> > > As far as what benefit there is to renaming it, the biggest one is
>> > > divesting Castellan of the controversy around Barbican. There's no
>> > > disagreement that explicitly handling key management is necessary. There
>> > > is, however, still hesitance to fully adopt Barbican in that role. In
>> > > fact I heard about some alternatives to Barbican, namely "Vault"[1] and
>> > > "Tang"[2], that may be useful for subsets of the community, or could
>> > > even grow into de facto standards for key management.
>> > >
>> > > So, given that there may be other backends, and the developers would
>> > > like to embrace that, I see value in renaming. It would help, I think,
>> > > Castellan's developers to be able to focus on key management and not
>> > > have to explain to every potential user "no we're not Barbican's cousin,
>> > > we're just an abstraction..".
>> > >
>> > > > > Existing similar libraries (if any) and why they aren't being used: N/A
>> > > > >
>> > > > > Reviewer activity: Barbican team
>> > > >
>> > > > If the review team is going to be largely the same, I'm not sure I
>> > > > see the benefit of changing the ownership of the library. We certainly
>> > > > have other examples of Oslo libraries being managed mainly by
>> > > > sub-teams made up of folks who primarily focus on other projects.
>> > > > oslo.policy and oslo.versionedobjects come to mind, but in both of
>> > > > those cases the code was incubated in Oslo or brought into Oslo
>> > > > before the tools for managing shared libraries were widely used
>> > > > outside of the Oslo team. We now have quite a few examples of project
>> > > > teams managing shared libraries (other than their clients).
>> > > >
>> > >
>> > > While this 

Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-14 Thread Clint Byrum
Excerpts from Doug Hellmann's message of 2017-03-14 20:05:54 -0400:
> Excerpts from Doug Hellmann's message of 2017-03-14 19:20:08 -0400:
> > Excerpts from Clint Byrum's message of 2017-03-13 13:49:22 -0700:
> > > Excerpts from Doug Hellmann's message of 2017-03-13 15:12:42 -0400:
> > > > Excerpts from Farr, Kaitlin M.'s message of 2017-03-13 18:55:18 +:
> > > > > Proposed library name: Rename Castellan to oslo.keymanager
> > > > > 
> > > > > Proposed library mission/motivation: Castellan's goal is to provide a
> > > > > generic key manager interface that projects can use for their key
> > > > > manager needs, e.g., storing certificates or generating keys for
> > > > > encrypting data.  The interface passes the commands and Keystone
> > > > > credentials on to the configured back end. Castellan is not a service
> > > > > and does not maintain state. The library can grow to have multiple
> > > > > back ends, as long as the back end can authenticate Keystone
> > > > > credentials.  The only two back end options now in Castellan are
> > > > > Barbican and a limited mock key manager useful only for unit tests.
> > > > > > If someone wrote a Keystone auth plugin for Vault, we could also have a
> > > > > Vault back end for Castellan.
> > > > > 
> > > > > The benefit of using Castellan versus using Barbican directly
> > > > > is Castellan allows the option of swapping out for other key managers,
> > > > > mainly for testing.  If projects want their own custom back end for
> > > > > Castellan, they can write a back end that implements the Castellan
> > > > > interface but lives in their own code base, i.e., ConfKeyManager in
> > > > > Nova and Cinder. Additionally, Castellan already has oslo.config
> > > > > options defined which are helpful for configuring the project to talk
> > > > > to Barbican.
> > > > > 
> > > > > When the Barbican team first created the Castellan library, we had
> > > > > > reached out to oslo to see if we could name it oslo.keymanager, but the
> > > > > > idea was not accepted because the library didn't have enough traction.
> > > > > > Now, Castellan is used in many projects, and we thought we would
> > > > > > suggest renaming again.  At the PTG, the Barbican team met with the AWG
> > > > > > to discuss how we could get Barbican integrated with more projects, and
> > > > > the rename was also suggested at that meeting.  Other projects are
> > > > > interested in creating encryption features, and a rename will help
> > > > > clarify the difference between Barbican and Castellan.
> > > > 
> > > > Can you expand on why you think that is so? I'm not disagreeing with the
> > > > statement, but it's not obviously true to me, either. I vaguely remember
> > > > having it explained at the PTG, but I don't remember the details.
> > > > 
> > > 
> > > To me, Oslo is a bunch of libraries that encompass "the way OpenStack
> > > does ". When  is key management, projects are, AFAICT, universally
> > > using Castellan at the moment. So I think it fits in Oslo conceptually.
> > > 
> > > As far as what benefit there is to renaming it, the biggest one is
> > > divesting Castellan of the controversy around Barbican. There's no
> > > disagreement that explicitly handling key management is necessary. There
> > > is, however, still hesitance to fully adopt Barbican in that role. In
> > > fact I heard about some alternatives to Barbican, namely "Vault"[1] and
> > > "Tang"[2], that may be useful for subsets of the community, or could
> > > even grow into de facto standards for key management.
> > > 
> > > So, given that there may be other backends, and the developers would
> > > like to embrace that, I see value in renaming. It would help, I think,
> > > Castellan's developers to be able to focus on key management and not
> > > have to explain to every potential user "no we're not Barbican's cousin,
> > > we're just an abstraction..".
> > > 
> > > > > > Existing similar libraries (if any) and why they aren't being used: N/A
> > > > > 
> > > > > Reviewer activity: Barbican team
> > > > 
> > > > If the review team is going to be largely the same, I'm not sure I
> > > > see the benefit of changing the ownership of the library. We certainly
> > > > have other examples of Oslo libraries being managed mainly by
> > > > sub-teams made up of folks who primarily focus on other projects.
> > > > oslo.policy and oslo.versionedobjects come to mind, but in both of
> > > > those cases the code was incubated in Oslo or brought into Oslo
> > > > before the tools for managing shared libraries were widely used
> > > > outside of the Oslo team. We now have quite a few examples of project
> > > > teams managing shared libraries (other than their clients).
> > > > 
> > > 
> > > While this makes sense, I'm not so sure any of those are actually
> > > specifically in the same category as Castellan. Perhaps you can expand
> > > on which libraries have done this, and how they're 

Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-14 Thread Doug Hellmann
Excerpts from Doug Hellmann's message of 2017-03-14 19:20:08 -0400:
> Excerpts from Clint Byrum's message of 2017-03-13 13:49:22 -0700:
> > Excerpts from Doug Hellmann's message of 2017-03-13 15:12:42 -0400:
> > > Excerpts from Farr, Kaitlin M.'s message of 2017-03-13 18:55:18 +:
> > > > Proposed library name: Rename Castellan to oslo.keymanager
> > > > 
> > > > Proposed library mission/motivation: Castellan's goal is to provide a
> > > > generic key manager interface that projects can use for their key
> > > > manager needs, e.g., storing certificates or generating keys for
> > > > encrypting data.  The interface passes the commands and Keystone
> > > > credentials on to the configured back end. Castellan is not a service
> > > > and does not maintain state. The library can grow to have multiple
> > > > back ends, as long as the back end can authenticate Keystone
> > > > credentials.  The only two back end options now in Castellan are
> > > > Barbican and a limited mock key manager useful only for unit tests.
> > > > If someone wrote a Keystone auth plugin for Vault, we could also have a
> > > > Vault back end for Castellan.
> > > > 
> > > > The benefit of using Castellan versus using Barbican directly
> > > > is Castellan allows the option of swapping out for other key managers,
> > > > mainly for testing.  If projects want their own custom back end for
> > > > Castellan, they can write a back end that implements the Castellan
> > > > interface but lives in their own code base, i.e., ConfKeyManager in
> > > > Nova and Cinder. Additionally, Castellan already has oslo.config
> > > > options defined which are helpful for configuring the project to talk
> > > > to Barbican.
> > > > 
> > > > When the Barbican team first created the Castellan library, we had
> > > > reached out to oslo to see if we could name it oslo.keymanager, but the
> > > > idea was not accepted because the library didn't have enough traction.
> > > > Now, Castellan is used in many projects, and we thought we would
> > > > suggest renaming again.  At the PTG, the Barbican team met with the AWG
> > > > to discuss how we could get Barbican integrated with more projects, and
> > > > the rename was also suggested at that meeting.  Other projects are
> > > > interested in creating encryption features, and a rename will help
> > > > clarify the difference between Barbican and Castellan.
> > > 
> > > Can you expand on why you think that is so? I'm not disagreeing with the
> > > statement, but it's not obviously true to me, either. I vaguely remember
> > > having it explained at the PTG, but I don't remember the details.
> > > 
> > 
> > To me, Oslo is a bunch of libraries that encompass "the way OpenStack
> > does ". When  is key management, projects are, AFAICT, universally
> > using Castellan at the moment. So I think it fits in Oslo conceptually.
> > 
> > As far as what benefit there is to renaming it, the biggest one is
> > divesting Castellan of the controversy around Barbican. There's no
> > disagreement that explicitly handling key management is necessary. There
> > is, however, still hesitance to fully adopt Barbican in that role. In
> > fact I heard about some alternatives to Barbican, namely "Vault"[1] and
> > "Tang"[2], that may be useful for subsets of the community, or could
> > even grow into de facto standards for key management.
> > 
> > So, given that there may be other backends, and the developers would
> > like to embrace that, I see value in renaming. It would help, I think,
> > Castellan's developers to be able to focus on key management and not
> > have to explain to every potential user "no we're not Barbican's cousin,
> > we're just an abstraction..".
> > 
> > > > Existing similar libraries (if any) and why they aren't being used: N/A
> > > > 
> > > > Reviewer activity: Barbican team
> > > 
> > > If the review team is going to be largely the same, I'm not sure I
> > > see the benefit of changing the ownership of the library. We certainly
> > > have other examples of Oslo libraries being managed mainly by
> > > sub-teams made up of folks who primarily focus on other projects.
> > > oslo.policy and oslo.versionedobjects come to mind, but in both of
> > > those cases the code was incubated in Oslo or brought into Oslo
> > > before the tools for managing shared libraries were widely used
> > > outside of the Oslo team. We now have quite a few examples of project
> > > teams managing shared libraries (other than their clients).
> > > 
> > 
> > While this makes sense, I'm not so sure any of those are actually
> > specifically in the same category as Castellan. Perhaps you can expand
> > on which libraries have done this, and how they're similar to Castellan?
> 
> oslo.versionedobjects was extracted from nova, and came with a small
> set of contributors who have made up a subteam of Oslo. As far as
> I know, they rarely contribute outside of that library (I haven't
> checked lately, so apologies if my info is out of 

Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-14 Thread Thierry Carrez
Clint Byrum wrote:
> Excerpts from Doug Hellmann's message of 2017-03-13 15:12:42 -0400:
>> Excerpts from Farr, Kaitlin M.'s message of 2017-03-13 18:55:18 +:
>>> When the Barbican team first created the Castellan library, we had
>>> reached out to oslo to see if we could name it oslo.keymanager, but the
>>> idea was not accepted because the library didn't have enough traction.
>>> Now, Castellan is used in many projects, and we thought we would
>>> suggest renaming again.  At the PTG, the Barbican team met with the AWG
>>> to discuss how we could get Barbican integrated with more projects, and
>>> the rename was also suggested at that meeting.  Other projects are
>>> interested in creating encryption features, and a rename will help
>>> clarify the difference between Barbican and Castellan.
>>
>> Can you expand on why you think that is so? I'm not disagreeing with the
>> statement, but it's not obviously true to me, either. I vaguely remember
>> having it explained at the PTG, but I don't remember the details.
> 
> To me, Oslo is a bunch of libraries that encompass "the way OpenStack
> does ". When  is key management, projects are, AFAICT, universally
> using Castellan at the moment. So I think it fits in Oslo conceptually.
> 
> As far as what benefit there is to renaming it, the biggest one is
> divesting Castellan of the controversy around Barbican. There's no
> disagreement that explicitly handling key management is necessary. There
> is, however, still hesitance to fully adopt Barbican in that role. In
> fact I heard about some alternatives to Barbican, namely "Vault"[1] and
> "Tang"[2], that may be useful for subsets of the community, or could
> even grow into de facto standards for key management.
> 
> So, given that there may be other backends, and the developers would
> like to embrace that, I see value in renaming. It would help, I think,
> Castellan's developers to be able to focus on key management and not
> have to explain to every potential user "no we're not Barbican's cousin,
> we're just an abstraction..".

Well put.

Long-term, it will also help drive Barbican on the "base services" track
(an oslo.db-compatible database, an oslo.messaging-compatible queue, an
oslo.keymanager-compatible key manager...)

>>> Existing similar libraries (if any) and why they aren't being used: N/A
>>>
>>> Reviewer activity: Barbican team
>>
>> If the review team is going to be largely the same, I'm not sure I
>> see the benefit of changing the ownership of the library. We certainly
>> have other examples of Oslo libraries being managed mainly by
>> sub-teams made up of folks who primarily focus on other projects.
>> oslo.policy and oslo.versionedobjects come to mind, but in both of
>> those cases the code was incubated in Oslo or brought into Oslo
>> before the tools for managing shared libraries were widely used
>> outside of the Oslo team. We now have quite a few examples of project
>> teams managing shared libraries (other than their clients).

While it may be originally seeded by the same people, I think the two
groups may diverge in the future, especially if support for other key
managers is added.

-- 
Thierry Carrez (ttx)



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-13 Thread Clint Byrum
Excerpts from Doug Hellmann's message of 2017-03-13 15:12:42 -0400:
> Excerpts from Farr, Kaitlin M.'s message of 2017-03-13 18:55:18 +:
> > Proposed library name: Rename Castellan to oslo.keymanager
> > 
> > Proposed library mission/motivation: Castellan's goal is to provide a
> > generic key manager interface that projects can use for their key
> > manager needs, e.g., storing certificates or generating keys for
> > encrypting data.  The interface passes the commands and Keystone
> > credentials on to the configured back end. Castellan is not a service
> > and does not maintain state. The library can grow to have multiple
> > back ends, as long as the back end can authenticate Keystone
> > credentials.  The only two back end options now in Castellan are
> > Barbican and a limited mock key manager useful only for unit tests.
> > If someone wrote a Keystone auth plugin for Vault, we could also have a
> > Vault back end for Castellan.
> > 
> > The benefit of using Castellan versus using Barbican directly
> > is Castellan allows the option of swapping out for other key managers,
> > mainly for testing.  If projects want their own custom back end for
> > Castellan, they can write a back end that implements the Castellan
> > interface but lives in their own code base, i.e., ConfKeyManager in
> > Nova and Cinder. Additionally, Castellan already has oslo.config
> > options defined which are helpful for configuring the project to talk
> > to Barbican.
> > 
> > When the Barbican team first created the Castellan library, we had
> > reached out to oslo to see if we could name it oslo.keymanager, but the
> > idea was not accepted because the library didn't have enough traction.
> > Now, Castellan is used in many projects, and we thought we would
> > suggest renaming again.  At the PTG, the Barbican team met with the AWG
> > to discuss how we could get Barbican integrated with more projects, and
> > the rename was also suggested at that meeting.  Other projects are
> > interested in creating encryption features, and a rename will help
> > clarify the difference between Barbican and Castellan.
> 
> Can you expand on why you think that is so? I'm not disagreeing with the
> statement, but it's not obviously true to me, either. I vaguely remember
> having it explained at the PTG, but I don't remember the details.
> 

To me, Oslo is a bunch of libraries that encompass "the way OpenStack
does ". When  is key management, projects are, AFAICT, universally
using Castellan at the moment. So I think it fits in Oslo conceptually.

As far as what benefit there is to renaming it, the biggest one is
divesting Castellan of the controversy around Barbican. There's no
disagreement that explicitly handling key management is necessary. There
is, however, still hesitance to fully adopt Barbican in that role. In
fact I heard about some alternatives to Barbican, namely "Vault"[1] and
"Tang"[2], that may be useful for subsets of the community, or could
even grow into de facto standards for key management.

So, given that there may be other backends, and the developers would
like to embrace that, I see value in renaming. It would help, I think,
Castellan's developers to be able to focus on key management and not
have to explain to every potential user "no we're not Barbican's cousin,
we're just an abstraction..".

> > Existing similar libraries (if any) and why they aren't being used: N/A
> > 
> > Reviewer activity: Barbican team
> 
> If the review team is going to be largely the same, I'm not sure I
> see the benefit of changing the ownership of the library. We certainly
> have other examples of Oslo libraries being managed mainly by
> sub-teams made up of folks who primarily focus on other projects.
> oslo.policy and oslo.versionedobjects come to mind, but in both of
> those cases the code was incubated in Oslo or brought into Oslo
> before the tools for managing shared libraries were widely used
> outside of the Oslo team. We now have quite a few examples of project
> teams managing shared libraries (other than their clients).
> 

While this makes sense, I'm not so sure any of those are actually
specifically in the same category as Castellan. Perhaps you can expand
on which libraries have done this, and how they're similar to Castellan?

[1] https://www.vaultproject.io/
[2] https://github.com/latchset/tang



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-13 Thread Davanum Srinivas
Kaitlin,

On Mon, Mar 13, 2017 at 2:55 PM, Farr, Kaitlin M. wrote:
> Proposed library name: Rename Castellan to oslo.keymanager
>
> Proposed library mission/motivation: Castellan’s goal is to provide a
> generic key manager interface that projects can use for their key
> manager needs, e.g., storing certificates or generating keys for
> encrypting data.  The interface passes the commands and Keystone
> credentials on to the configured back end. Castellan is not a service
> and does not maintain state. The library can grow to have multiple
> back ends, as long as the back end can authenticate Keystone
> credentials.  The only two back end options now in Castellan are
> Barbican and a limited mock key manager useful only for unit tests.
> If someone wrote a Keystone auth plugin for Vault, we could also have a
> Vault back end for Castellan.
>
> The benefit of using Castellan versus using Barbican directly
> is Castellan allows the option of swapping out for other key managers,
> mainly for testing.  If projects want their own custom back end for
> Castellan, they can write a back end that implements the Castellan
> interface but lives in their own code base, i.e., ConfKeyManager in
> Nova and Cinder. Additionally, Castellan already has oslo.config
> options defined which are helpful for configuring the project to talk
> to Barbican.
>
> When the Barbican team first created the Castellan library, we had
> reached out to oslo to see if we could name it oslo.keymanager, but the
> idea was not accepted because the library didn’t have enough traction.
> Now, Castellan is used in many projects, and we thought we would
> suggest renaming again.  At the PTG, the Barbican team met with the AWG
> to discuss how we could get Barbican integrated with more projects, and
> the rename was also suggested at that meeting.  Other projects are
> interested in creating encryption features, and a rename will help
> clarify the difference between Barbican and Castellan.
>
> Existing similar libraries (if any) and why they aren't being used: N/A
>
> Reviewer activity: Barbican team
>
> Who is going to use this (project involvement): Cinder, Nova, Sahara,
> and Glance already use Castellan, Swift has a patch that integrates
> Castellan.
>
> Proposed adoption model/plan: The Castellan library was already created
> and produces a functional and useful artifact (a pypi release) and is
> integrated into various OpenStack projects and now it is proposed that
> the library be moved into the Oslo group's namespace by creating a fork
> of Castellan, clean up a few things, create a new oslo.keymanager
> release on pypi, and change the projects to use oslo.keymanager.
>

Is the idea that the name change (oslo) will help drive the adoption?

Also, is the default backend for say devstack going to be barbican?
Is there a plan to do something else (say a vault based backend) for
very simple scenarios?

> Thanks,
>
> Kaitlin Farr
> Software Engineer
> The Johns Hopkins University Applied Physics Laboratory



-- 
Davanum Srinivas :: https://twitter.com/dims



Re: [openstack-dev] [oslo][barbican][castellan] Proposal to rename Castellan to oslo.keymanager

2017-03-13 Thread Doug Hellmann
Excerpts from Farr, Kaitlin M.'s message of 2017-03-13 18:55:18 +:
> Proposed library name: Rename Castellan to oslo.keymanager
> 
> Proposed library mission/motivation: Castellan's goal is to provide a
> generic key manager interface that projects can use for their key
> manager needs, e.g., storing certificates or generating keys for
> encrypting data.  The interface passes the commands and Keystone
> credentials on to the configured back end. Castellan is not a service
> and does not maintain state. The library can grow to have multiple
> back ends, as long as the back end can authenticate Keystone
> credentials.  The only two back end options now in Castellan are
> Barbican and a limited mock key manager useful only for unit tests.
> If someone wrote a Keystone auth plugin for Vault, we could also have a
> Vault back end for Castellan.
> 
> The benefit of using Castellan versus using Barbican directly
> is Castellan allows the option of swapping out for other key managers,
> mainly for testing.  If projects want their own custom back end for
> Castellan, they can write a back end that implements the Castellan
> interface but lives in their own code base, i.e., ConfKeyManager in
> Nova and Cinder. Additionally, Castellan already has oslo.config
> options defined which are helpful for configuring the project to talk
> to Barbican.
> 
> When the Barbican team first created the Castellan library, we had
> reached out to oslo to see if we could name it oslo.keymanager, but the
> idea was not accepted because the library didn't have enough traction.
> Now, Castellan is used in many projects, and we thought we would
> suggest renaming again.  At the PTG, the Barbican team met with the AWG
> to discuss how we could get Barbican integrated with more projects, and
> the rename was also suggested at that meeting.  Other projects are
> interested in creating encryption features, and a rename will help
> clarify the difference between Barbican and Castellan.

Can you expand on why you think that is so? I'm not disagreeing with the
statement, but it's not obviously true to me, either. I vaguely remember
having it explained at the PTG, but I don't remember the details.

> Existing similar libraries (if any) and why they aren't being used: N/A
> 
> Reviewer activity: Barbican team

If the review team is going to be largely the same, I'm not sure I
see the benefit of changing the ownership of the library. We certainly
have other examples of Oslo libraries being managed mainly by
sub-teams made up of folks who primarily focus on other projects.
oslo.policy and oslo.versionedobjects come to mind, but in both of
those cases the code was incubated in Oslo or brought into Oslo
before the tools for managing shared libraries were widely used
outside of the Oslo team. We now have quite a few examples of project
teams managing shared libraries (other than their clients).

> Who is going to use this (project involvement): Cinder, Nova, Sahara,
> and Glance already use Castellan, Swift has a patch that integrates
> Castellan.
> 
> Proposed adoption model/plan: The Castellan library was already created
> and produces a functional and useful artifact (a pypi release) and is
> integrated into various OpenStack projects and now it is proposed that
> the library be moved into the Oslo group's namespace by creating a fork
> of Castellan, clean up a few things, create a new oslo.keymanager
> release on pypi, and change the projects to use oslo.keymanager.
> 
> Thanks,
> 
> Kaitlin Farr
> Software Engineer
> The Johns Hopkins University Applied Physics Laboratory
