Syntribos is the newest OpenStack Security project. What features need to be prioritized to accelerate its usage and adoption? What metric do we consider as making this a successful project?
During the recent security mid-cycle we addressed the topic of authorizing on-cloud applications to cloud services (e.g. a compute instance that wants to interact with Swift). We designed a reflective pattern that focuses on de-escalating application privilege and moving policy enforcement for applications into the application space; we have called this "Re-entrant policy management for on-cloud applications".
A second, slightly earlier approach using PKI and Barbican exists as a spec called "Instance Users for Cloud Interaction" (https://review.openstack.org/#/c/222293).
In this fishbowl we will briefly introduce both models before inviting the attendees to discuss the respective benefits and issues of both sets of ideas. The aim is to foster discussion and capture research items to discuss further; we won't fix anything in this session, but we will capture the next steps for working towards solving this problem.
The security project has grown into a large, capable team with multiple projects that exist to benefit the wider security community.
This session looks to the community to answer the question "How can we better serve you?" Are more advanced tools required, or more visible guidance? Design reviews, or perhaps something completely different?
We encourage all active OpenStack contributors to attend; we want to gather as much information as possible so that we can provide a better service to the community.