← Back to team overview

openstack team mailing list archive

Re: Project Alignment

 

Dave,

While I'm not Vish, I have been working on/around authentication for the past couple weeks and I'll provide my thoughts.

EC2 and OpenStack Nova APIs should not be affected by the authentication work going on. The Keystone project is the only candidate I'm aware of, and it seems like it is, or soon will be, a good candidate for integration into the stack. Migration to a separate authentication service is going to be tricky, but the goal is to do it as seamlessly as possible. "Near stable" should be able to be promised.

This is the phased approach myself and Brian Waldon have been playing around with:
http://wiki.openstack.org/Nova/AuthManagerSpec

Keystone should be able to provide the features of IAM.

I'm not able to find the PTL meeting logs, perhaps a #startmeeting was never issued for it? I was eavesdropping at the time but can't find the logs, perhaps someone can find them or send them out. The meeting I'm refering to was right after this:

http://eavesdrop.openstack.org/meetings/openstack-meeting/2011/openstack-meeting.2011-05-10-21.01.log.html



-----Original Message-----
From: "Dave Walker" <DaveWalker@xxxxxxxxxx>
Sent: Monday, May 16, 2011 3:33pm
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Project Alignment

On 16/05/11 18:11, Vishvananda Ishaya wrote:
> Hello Everyone,
>
> The PTLs had a quick meeting the other day  to try and align some things between the projects.  In order for openstack to be successful, it is very important that we create a consistent user experience for users and administrators.  We realize that it is hard to find agreement between all developers on implementation details, so we focused less on the idea of code-sharing and more on the idea of bringing the user-experience into alignment. If we are going to be successful in this effort, we all need to realize that we should value doing things the same way over doing things the best way.
>
> We have a few actions that we are taking to help move in this direction.
> 1. Consistent Auth -- all of the projects are working on integrating the keystone project so that we have one auth system.  For nova, this means that we may lose some of the rbac features we provide for the ec2 api, but by the diablo release we expect to have equivalent features and a migration plan for cactus deployments.
<SNIP>

Hi Vish,

This is really useful to know, thank you for the highlevel outline.

I didn't quite understand the "Consistent Auth", and what it means for 
ec2 api for the Diablo release.  Would you be able to confirm the extent 
/ roadmap of the ec2 api breakage expected?  Are you expecting the base 
ec2 api functionality to be near stable throughout the transition, or 
are you expecting large breakage?

In regards to the loss of RBAC, is this expected to be transitional; and 
be fixable in time for Diabalo release?  Essentially, can you clarify 
"equivalent features".  The blueprint[0] or specification on the wiki[1] 
doesn't seem to mention "ec2' anywhere, can you confirm where this was 
discussed?

I'd also like to check if consideration on how this might impact 
possible future implementation of comparative feature of AWS Identity 
and Access Management (IAM)[2] support in both ec2 and openstack API was 
discussed?

Additionally, are the logs of the PTL's meeting available anywhere?

Thanks.

[0] https://blueprints.launchpad.net/nova/+spec/integrate-nova-authn
[1] http://wiki.openstack.org/openstack-authn
[2] http://aws.amazon.com/documentation/iam/

Kind Regards,
Dave Walker

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp




Follow ups

References