openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #02406
Re: Project Alignment
Dave,
While I'm not Vish, I have been working on/around authentication for the past couple weeks and I'll provide my thoughts.
EC2 and OpenStack Nova APIs should not be affected by the authentication work going on. The Keystone project is the only candidate I'm aware of, and it seems like it is, or soon will be, a good candidate for integration into the stack. Migration to a separate authentication service is going to be tricky, but the goal is to do it as seamlessly as possible. "Near stable" should be able to be promised.
This is the phased approach myself and Brian Waldon have been playing around with:
http://wiki.openstack.org/Nova/AuthManagerSpec
Keystone should be able to provide the features of IAM.
I'm not able to find the PTL meeting logs, perhaps a #startmeeting was never issued for it? I was eavesdropping at the time but can't find the logs, perhaps someone can find them or send them out. The meeting I'm refering to was right after this:
http://eavesdrop.openstack.org/meetings/openstack-meeting/2011/openstack-meeting.2011-05-10-21.01.log.html
-----Original Message-----
From: "Dave Walker" <DaveWalker@xxxxxxxxxx>
Sent: Monday, May 16, 2011 3:33pm
To: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] Project Alignment
On 16/05/11 18:11, Vishvananda Ishaya wrote:
> Hello Everyone,
>
> The PTLs had a quick meeting the other day to try and align some things between the projects. In order for openstack to be successful, it is very important that we create a consistent user experience for users and administrators. We realize that it is hard to find agreement between all developers on implementation details, so we focused less on the idea of code-sharing and more on the idea of bringing the user-experience into alignment. If we are going to be successful in this effort, we all need to realize that we should value doing things the same way over doing things the best way.
>
> We have a few actions that we are taking to help move in this direction.
> 1. Consistent Auth -- all of the projects are working on integrating the keystone project so that we have one auth system. For nova, this means that we may lose some of the rbac features we provide for the ec2 api, but by the diablo release we expect to have equivalent features and a migration plan for cactus deployments.
<SNIP>
Hi Vish,
This is really useful to know, thank you for the highlevel outline.
I didn't quite understand the "Consistent Auth", and what it means for
ec2 api for the Diablo release. Would you be able to confirm the extent
/ roadmap of the ec2 api breakage expected? Are you expecting the base
ec2 api functionality to be near stable throughout the transition, or
are you expecting large breakage?
In regards to the loss of RBAC, is this expected to be transitional; and
be fixable in time for Diabalo release? Essentially, can you clarify
"equivalent features". The blueprint[0] or specification on the wiki[1]
doesn't seem to mention "ec2' anywhere, can you confirm where this was
discussed?
I'd also like to check if consideration on how this might impact
possible future implementation of comparative feature of AWS Identity
and Access Management (IAM)[2] support in both ec2 and openstack API was
discussed?
Additionally, are the logs of the PTL's meeting available anywhere?
Thanks.
[0] https://blueprints.launchpad.net/nova/+spec/integrate-nova-authn
[1] http://wiki.openstack.org/openstack-authn
[2] http://aws.amazon.com/documentation/iam/
Kind Regards,
Dave Walker
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Follow ups
References