+1 for me.
From: Douglas Mendizabal
douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com
Reply-To: OpenStack List
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org
Date: Wednesday, November 5, 2014 at 4:53 PM
To: OpenStack List
+1 for me as well.
From: Douglas Mendizabal
douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com
Reply-To: OpenStack List
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org
Date: Wednesday, November 5, 2014 at 4:29 PM
To: OpenStack List
confident he is the right person to lead us through
the Kilo cycle, graduation and the first public Cloud deployment of
Barbican at Rackspace.
Thanks,
--
Jarret Raim
@jarretraim
smime.p7s
Description: S/MIME cryptographic signature
___
OpenStack-dev
+1 for me.
Jarret
From: Douglas Mendizabal douglas.mendiza...@rackspace.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: Thursday, July 10, 2014 at 12:11 PM
To: OpenStack List openstack-dev@lists.openstack.org, Nate Reller
rellerrel...@yahoo.com
Subject: [openstack-dev]
+1 for me as well.
Jarret
From: Douglas Mendizabal douglas.mendiza...@rackspace.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: Thursday, July 10, 2014 at 11:55 AM
To: OpenStack List openstack-dev@lists.openstack.org, a...@redhat.com
a...@redhat.com
Subject:
All,
This week is Barbican's mid-cycle meet up. As many of our contributors are
in San Antonio this week, I'm going to cancel our weekly meeting today.
Several of us are still on IRC, so if you need something from us, feel
free to pop into #openstack-barbican and ask.
The etherpad being used
person interested in going to the Keystone sessions or vice
versa.
Once we get a rough head count estimate, Dolph and I can work on getting
everything booked.
Thanks,
--
Jarret Raim
@jarretraim
smime.p7s
Description: S/MIME cryptographic signature
We have not changed anything as of yet. The goal was to see if we could
find some times that work for Jamie, but I haven't done it yet. I'll post
something this week and we'll see if there is consensus.
Thanks,
--
Jarret Raim
@jarretraim
On 5/20/14, 9:22 AM, Clark, Robert Graham robert.cl
to discuss.
Thanks!
--
Jarret Raim
@jarretraim
smime.p7s
Description: S/MIME cryptographic signature
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
So let me try to summarize our conversations from yesterday.
=== Use Case ===
Assume we have a Domain D which contains a large number of individual users.
Each user in the domain creates a public / private key. This key pair is
later used to establish authentication to services, some not from
to solve the stated use case?
Arvind - does this work for you?
Thanks,
Jarret
From: Jarret Raim jarret.r...@rackspace.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: Thursday, May 15, 2014 at 11:40 AM
To: OpenStack List openstack-dev@lists.openstack.org
Cc: Chan, Tim
for
OpenStack and may be able to better answer you question. You can direct a
message to them by including [Horizon] in the subject of your email.
Thanks!
--
Jarret Raim
@jarretraim
From: Hachem Chraiti hachem...@gmail.com
Reply-To: OpenStack List openstack-dev@lists.openstack.org
Date: Wednesday
Zang mentioned that part of the issue is that the private key has to be
stored in the OpenVPN config file. If the config files are generated and
can be stored, then storing the whole config file in Barbican protects the
private key (and any other settings) without having to try to deliver the
key
As the PTL for Barbican, I¹m happy to discuss this more here or at the
Summit.
Not sure if this is an option, but could you store the entire OpenVPN
config file in Barbican rather than just the key? Not sure if you are
generating those on demand or not, but we¹ve had several teams inside
I'd like to throw my name in for PTL for the Key Management Program which
includes the Barbican, python-barbicanclient and Kite projects.
I've been working on Barbican since the first line of code was committed
and was responsible for building the team and desire at Rackspace to start
the
#1) do we believe OFTC is fundamentally better equipped to resist a
DDOS, or do we just believe they are a smaller target? The ongoing DDOS
on meetup.com the past 2 weeks is a good indicator that being a smaller
fish only helps for so long.
It seems like we would need a answer to this question.
All,
Barbican will be having our weekly meeting in #openstack-meeting-alt in 30
minutes at 2:00pm Central, 2000 UTC.
On the list today is a quick discussion covering the status of the
Barbican incubation request. We may also discuss the asymmetric work going
on and possibly an update on Dogtag
I spun one up here
https://etherpad.openstack.org/p/GFoJ4LpK8A
Most of the questions are on our incubation wiki, but I answered each of
the issues from the page you linked.
Thanks,
--
Jarret Raim
@jarretraim
On 2/4/14, 7:45 AM, Thierry Carrez thie...@openstack.org wrote:
Jarret Raim
Paul Kehrer and I are talking about the state of crypto in Python. The
talk isn't specifically about OpenStack, but we will be talking about
various OpenStack related issues including the Barbican service.
Thanks,
Jarret
On 1/30/14, 11:05 AM, Anita Kuno ante...@anteaya.info wrote:
On
area for that work can be found here:
http://docs.cloudkeep.io/barbican-devguide/content/preface.html
The team hangs out in the #openstack-barbican channel on freenode. If you
want to talk, stop on by.
Thanks,
Jarret Raim
smime.p7s
Description: S/MIME cryptographic signature
We are currently hammering out the blueprints for asymmetric key support
(both for escrow and generation). Happy to talk more about your use case if
you are interested. We can do it over email or you can hop into
#openstack-barbican on Freenode and talk to the team there.
Thanks,
Jarret
From:
Thanks Adam.
The guys working on this are hdegikli and reaperhulk. The easiest way to
fine them is in #openstack-barbican. I'll cc reaperhulk on this so you have
his email. I don't think I have hdegikli's email.
Thanks,
Jarret
From: Александра Безбородова bezborodov...@gmail.com
Reply-To:
-Original Message-
From: Sylvain Bauza [mailto:sylvain.ba...@bull.net]
Sent: Wednesday, December 18, 2013 5:04 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Diversity as a requirement for incubation
Le 18/12/2013 11:40, Thierry
It is a difficult thing to measure, and I don't think the intent is to set
a hard %
for contributions. I think the numbers for Barbican were just illustrating
the
fact that the concrete contributions are very coming very heavily from one
source. That's only one data point, though, and as
-Original Message-
From: Steven Dake [mailto:sd...@redhat.com]
In this particular case, I believe Barbican is not ready for incubation
because
of their dependence on celery, but ultimately I don't make the decision :)
We've landed the PR that removes celery and replaces it with
On 12/13/13, 7:56 AM, Russell Bryant rbry...@redhat.com wrote:
1) Are each of the items you mention big enough to have a sustainable
team that can exist as its own program?
The answer here for Barbican and Keystone is yes.
2) Would there be a benefit of *changing* the scope and mission of the
On 12/13/13, 4:50 AM, Thierry Carrez thie...@openstack.org wrote:
If you remove Jenkins and attach Paul Kehrer, jqxin2006 (Michael Xin),
Arash Ghoreyshi, Chad Lung and Steven Gonzales to Rackspace, then the
picture is:
67% of commits come from a single person (John Wood)
96% of commits come
The barbican meeting today will cover our progress on the incubation
issues brought up by the TC, test planning and any other issues.
If you are interested in barbican and have questions, stop on by
#openstack-meeting-alt in 20 minutes.
Thanks,
--
Jarret Raim
@jarretraim
smime.p7s
I'd like to look at keeping things simple when they can be simple. I
need to understand why there¹s
already a key distribution service under keystone?
https://review.openstack.org/#/c/40692/18/openstack-identity-api/v3/src/ma
rkdown/identity-api-v3-os-kds-ext.md
I¹ve said before that I think
Barbican is having our official IRC meeting in #openstack-meeting-alt today
at 2 central or 2000 UTC.
The main topic of conversation will be the tasks / comments that came up
from our incubation request. We welcome anyone with additional questions or
comments to come join us.
Thanks,
Jarret
While I am all for adding a new program, I think we should only add one
if we
rule out all existing programs as a home. With that in mind why not add
this
to the keystone program? Perhaps that may require a tweak to keystones
mission
statement, but that is doable. I saw a partial answer
With the introduction of programs (think: official teams), all
incubated/integrated projects must belong to an official program... So
when a project applies for incubation but is not part of an official
program yet, it de-facto also applies to be considered a program.
Ahh, understood. So I guess
I think there's something else you should take under consideration.
Oslo messaging is not just an OpenStack library. It's the RPC library
that all projects are relying on and one of the strong goals we have
in OpenStack is to reduce code and efforts duplications. We'd love to
have more people
The API and developer documentation is at
http://docs.openstack.org/developer/oslo.messaging/
This is great, thanks for the link. Would there be any objections to
adding this to the github repo and the openstack wiki pages? I spent a
bunch of time looking and wasn¹t able to turn this up.
-barbican and you can
contact us using the barbi...@lists.rackspace.com mailing list if desired.
Thanks,
Jarret Raim |Security Intrapreneur
-
5000 Walzem RoadOffice: 210.312.3121
San Antonio, TX 78218
shortlog -s -e | sort -n -r
172 John Wood john.w...@rackspace.com
150 jfwood john.w...@rackspace.com
65 Douglas Mendizabal douglas.mendiza...@rackspace.com
39 Jarret Raim jarret.r...@rackspace.com
17 Malini K. Bhandaru malini.k.bhand...@intel.com
10 Paul Kehrer paul.l.keh...@gmail.com
* Process
** Project must be hosted under stackforge (and therefore use git as
its VCS)
I see that barbican is now on stackforge, but python-barbicanclient is
still on github. Is that being moved soon?
** Project must obey OpenStack coordinated project interface (such as
tox,
Uses tox, but not pbr or global requirements
I added a ŒTasks¹ section for stuff we need to do from this review and
I¹ve added these tasks. [4]
[4] https://wiki.openstack.org/wiki/Barbican/Incubation
Awesome. Also, if you don't mind - we should add testr to that list.
We're looking at
There are two big parts to this, I think. One is techincal - a significant
portion
of OpenStack deployments will not work with this because Celery does not
work with their deployed messaging architecture.
See another reply in this thread for an example of someone that sees the
inability
I've been anxious to try out Barbican, but haven't had quite enough time
to
try it yet. But finding out it won't work with Qpid makes it unworkable
for us
at the moment. I think a large swath of the OpenStack community won't be
able to use it in this form too.
As mentioned in the other
I also don't like that the discussions suggested that because it would be
hard
to get Barbican incubated/integrated it should not be used. That is just
crazy
talk. TripleO merged with Tuskar because Tuskar is part of deployment.
We are completing our incubation request for Barbican right now.
at 20:08 +, Jarret Raim wrote:
The Barbican team has been taking a look at the KDS feature and the
proposed patch and I think this may be better placed in Barbican rather
than Keystone. The patch, from what I can tell, seems to require that a
service account create use a key under its own
The Barbican team has been taking a look at the KDS feature and the
proposed patch and I think this may be better placed in Barbican rather
than Keystone. The patch, from what I can tell, seems to require that a
service account create use a key under its own tenant. In this use case,
Barbican can
A little more detail. We cut our feature complete release along with everyone
else for Havana M3. We are currently standing up the production environments
for the code. So, we believe that the codebase is pretty stable, but it has not
been run in production yet.
As John said, we're happy to
introduce another moving
part.
Thanks,
Jarret Raim
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Dolph Mathews wrote:
With regard
to:
https://blueprints.launchpad.net/keystone/+spec/key-distribution-server
[...]
Dolph: you don't mention Barbican at all, does that mean that the issue
is settled and the KDS should live in keystone ?
Dolph and I talked about having a design session to
into their applications.
Now if we can just get HSM vendors to install Barbican on their devices,
maybe we'd have something :)
Thanks,
Jarret
Regards,
Arvind
From: Jarret Raim [mailto:jarret.r...@rackspace.com]
Sent: Monday, July 22, 2013 2:38 PM
To: OpenStack Development Mailing
features that barbican provides. I will
take a look at the barbican architecture and join discussions there.
Thanks, we'd love the help.
Jarret
Thanks,
Bill
From: Jarret Raim [mailto:jarret.r...@rackspace.com]
Sent: Friday, July 19, 2013 9:46 AM
To: OpenStack Development Mailing List
I'm the product owner for Barbican at Rackspace. I'll take a shot an answering
your questions.
1. What is the state of the project, is it in the state where it can be
utilized in production deployments?
We currently in active development and pushing for our 1.0 release for Havana.
As to
I'm not sure that I agree with this direction. In our investigation, KMIP is a
problematic protocol for several reasons:
* We haven't found an implementation of KMIP for Python. (Let us know if
there is one!)
* Support for KMIP by HSM vendors is limited.
* We haven't found software
I've spent some time thinking about how Barbican (Key Management) can help
in this workflow.
We will have the ability to generate SSH keys (and a host of other key
certificate types). This is backed by cryptographically sound code and
we've spent some time figuring out the entropy problem and
the keys yourself,
than that seems fine.
On 7/2/13 9:07 AM, Jay Pipes jaypi...@gmail.com wrote:
On 07/02/2013 09:49 AM, Jarret Raim wrote:
I've spent some time thinking about how Barbican (Key Management) can
help
in this workflow.
We will have the ability to generate SSH keys (and a host
On 7/2/13 12:43 PM, Simo Sorce s...@redhat.com wrote:
On Tue, 2013-07-02 at 16:55 +, Tiwari, Arvind wrote:
Hi Simo,
I am lost.
Does Barbican is product came out of
https://wiki.openstack.org/wiki/KeyManager BP?
Yes Barbican is an implementation of this Blueprint afaik.
Barbican is
http://www.openstack.org/summit/portland-2013/session-videos
Jarret
From: Openstack
[mailto:openstack-bounces+jarret.raim=rackspace@lists.launchpad.net] On
Behalf Of Anton Massoud
Sent: Thursday, April 25, 2013 6:14 AM
To: openstack@lists.launchpad.net
Subject: [Openstack] Hava sumit
. Not sure anyone is
doing that yet, just a possible use case.
Thanks,
Jarret Raim
___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help : https
55 matches
Mail list logo