)]}'
{"reference/upstream-investment-opportunities/2019/rbac.rst":[{"author":{"_account_id":17068,"name":"Jean-Philippe Evrard","email":"openstack@a.spamming.party","username":"evrardjp"},"change_message_id":"40ba8b6e3ec7d5d4d52ced3e0a27b19c90bcd2d9","unresolved":false,"context_lines":[{"line_number":14,"context_line":"Business Case"},{"line_number":15,"context_line":"-------------"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Sponsorship of contributors to this RBAC initiative positions them to"},{"line_number":18,"context_line":"influence direction and drive implementation choices on critical"},{"line_number":19,"context_line":"infrastructure used by every OpenStack project and every OpenStack"},{"line_number":20,"context_line":"deployment -- ensuring that an organization\u0027s downstream requirements"},{"line_number":21,"context_line":"are fully understood and taken into account."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Because of its use in every OpenStack project, work on this RBAC"},{"line_number":24,"context_line":"initiative is a good way to build reputation and influence upstream,"},{"line_number":25,"context_line":"and at the same time gain vital in-house expertise for an"},{"line_number":26,"context_line":"organization\u0027s downstream deployments or software distributions."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Technical Details"},{"line_number":29,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3fa7e38b_0afe1f6b","line":26,"range":{"start_line":17,"start_character":0,"end_line":26,"end_character":64},"updated":"2019-10-01 12:01:10.000000000","message":"I am not sure this business case section really encompass the business value for the leadership of some organization which might come across it.\n\nIMO, the business case could be that the inconsistent RBAC could very costly -- it could lead to security issues, or role inefficiencies.","commit_id":"75c9c26c482bc27f66f41225d61f562fa20f6f0b"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"1db4d72412699ebee74a322ad4cee9256642047a","unresolved":false,"context_lines":[{"line_number":14,"context_line":"Business Case"},{"line_number":15,"context_line":"-------------"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Sponsorship of contributors to this RBAC initiative positions them to"},{"line_number":18,"context_line":"influence direction and drive implementation choices on critical"},{"line_number":19,"context_line":"infrastructure used by every OpenStack project and every OpenStack"},{"line_number":20,"context_line":"deployment -- ensuring that an organization\u0027s downstream requirements"},{"line_number":21,"context_line":"are fully understood and taken into account."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Because of its use in every OpenStack project, work on this RBAC"},{"line_number":24,"context_line":"initiative is a good way to build reputation and influence upstream,"},{"line_number":25,"context_line":"and at the same time gain vital in-house expertise for an"},{"line_number":26,"context_line":"organization\u0027s downstream deployments or software distributions."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Technical Details"},{"line_number":29,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3fa7e38b_ca7487d3","line":26,"range":{"start_line":17,"start_character":0,"end_line":26,"end_character":64},"in_reply_to":"3fa7e38b_0afe1f6b","updated":"2019-10-01 12:19:43.000000000","message":"Good point, but it would be best to frame it in a way that answers the question: why should *my* company do this work rather than just benefiting from the work others do?","commit_id":"75c9c26c482bc27f66f41225d61f562fa20f6f0b"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"dd349034433fce2ad334c5ea6a256ddc393bac08","unresolved":false,"context_lines":[{"line_number":14,"context_line":"Business Case"},{"line_number":15,"context_line":"-------------"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Sponsorship of contributors to this RBAC initiative positions them to"},{"line_number":18,"context_line":"influence direction and drive implementation choices on critical"},{"line_number":19,"context_line":"infrastructure used by every OpenStack project and every OpenStack"},{"line_number":20,"context_line":"deployment -- ensuring that an organization\u0027s downstream requirements"},{"line_number":21,"context_line":"are fully understood and taken into account."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Because of its use in every OpenStack project, work on this RBAC"},{"line_number":24,"context_line":"initiative is a good way to build reputation and influence upstream,"},{"line_number":25,"context_line":"and at the same time gain vital in-house expertise for an"},{"line_number":26,"context_line":"organization\u0027s downstream deployments or software distributions."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Technical Details"},{"line_number":29,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3fa7e38b_d8c9bd5a","line":26,"range":{"start_line":17,"start_character":0,"end_line":26,"end_character":64},"in_reply_to":"3fa7e38b_983345f7","updated":"2019-10-01 13:42:41.000000000","message":"I should have elaborated on business cases when I originally wrote this. I missed a good one.\n\nIf you operate a deployment that relates to financial or medical information, you will benefit from consistent RBAC because you\u0027re probably subject to audits and strict regulations. Or if you sell software to financial institutions, medical facilities, or branches of government, consistent RBAC is almost always a requirement before you install OpenStack.\n\nSome organizations can\u0027t even begin to use OpenStack because the current approach to RBAC violates regulations they need to meet.","commit_id":"75c9c26c482bc27f66f41225d61f562fa20f6f0b"},{"author":{"_account_id":17068,"name":"Jean-Philippe Evrard","email":"openstack@a.spamming.party","username":"evrardjp"},"change_message_id":"3b0099854a6aa30222c5f8998246a80e57bb7a7d","unresolved":false,"context_lines":[{"line_number":14,"context_line":"Business Case"},{"line_number":15,"context_line":"-------------"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Sponsorship of contributors to this RBAC initiative positions them to"},{"line_number":18,"context_line":"influence direction and drive implementation choices on critical"},{"line_number":19,"context_line":"infrastructure used by every OpenStack project and every OpenStack"},{"line_number":20,"context_line":"deployment -- ensuring that an organization\u0027s downstream requirements"},{"line_number":21,"context_line":"are fully understood and taken into account."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Because of its use in every OpenStack project, work on this RBAC"},{"line_number":24,"context_line":"initiative is a good way to build reputation and influence upstream,"},{"line_number":25,"context_line":"and at the same time gain vital in-house expertise for an"},{"line_number":26,"context_line":"organization\u0027s downstream deployments or software distributions."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Technical Details"},{"line_number":29,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3fa7e38b_983345f7","line":26,"range":{"start_line":17,"start_character":0,"end_line":26,"end_character":64},"in_reply_to":"3fa7e38b_ca7487d3","updated":"2019-10-01 13:13:10.000000000","message":"Yup that\u0027s good too :)","commit_id":"75c9c26c482bc27f66f41225d61f562fa20f6f0b"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"62a6d9c126157abb5dac4e0ea80c889f7a949d9f","unresolved":false,"context_lines":[{"line_number":14,"context_line":"Business Case"},{"line_number":15,"context_line":"-------------"},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"Sponsorship of contributors to this RBAC initiative positions them to"},{"line_number":18,"context_line":"influence direction and drive implementation choices on critical"},{"line_number":19,"context_line":"infrastructure used by every OpenStack project and every OpenStack"},{"line_number":20,"context_line":"deployment -- ensuring that an organization\u0027s downstream requirements"},{"line_number":21,"context_line":"are fully understood and taken into account."},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"Because of its use in every OpenStack project, work on this RBAC"},{"line_number":24,"context_line":"initiative is a good way to build reputation and influence upstream,"},{"line_number":25,"context_line":"and at the same time gain vital in-house expertise for an"},{"line_number":26,"context_line":"organization\u0027s downstream deployments or software distributions."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"Technical Details"},{"line_number":29,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":2,"id":"3fa7e38b_3849f18a","line":26,"range":{"start_line":17,"start_character":0,"end_line":26,"end_character":64},"in_reply_to":"3fa7e38b_d8c9bd5a","updated":"2019-10-01 13:54:54.000000000","message":"It would be good if Keystone/RBAC folks took over this review  (or propose a new one and I\u0027ll abandon this one) so that Colleen\u0027s point is addressed and the best business case is presented.  My aim in proposing these reviews was to move the agenda and I really have no informed stake in the particulars of *this* review itself (though I\u0027ve learned something and will try to help from the manila side with adjustments to align with consistent RBAC).","commit_id":"75c9c26c482bc27f66f41225d61f562fa20f6f0b"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"c2b878b8251cabc91bfe7334018faf419b98d25a","unresolved":false,"context_lines":[{"line_number":28,"context_line":"provides the best means to secure your organization\u0027s OpenStack deployment and"},{"line_number":29,"context_line":"to make security maintenance less error-prone. This is especially incumbent upon"},{"line_number":30,"context_line":"organizations that are subject to security audits and strict regulations for"},{"line_number":31,"context_line":"whom OpenStack\u0027s lack of consistent RBAC prohibits production use."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"Technical Details"},{"line_number":34,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fa7e38b_99071918","line":31,"updated":"2019-12-09 19:50:29.000000000","message":"Can we lead with this?\n\nThere are a lot of organisations (all public clouds for a start, but also others of the kind you describe here) for whom the current default policies are entirely unsuitable, and they\u0027re all spending considerable amounts of effort every time they upgrade OpenStack in creating and verifying those policies, and they\u0027re exposed to a substantial business risk if they get it wrong. Investing in creating good defaults once will reduce the cost of every upgrade, which in turn will improve their time-to-market with features and bug fixes, all while reducing business risks.\n\nBuilding influence is nice and all but it seems unlikely to keep the target audience reading until paragraph 3; this is the much more compelling point.","commit_id":"8aee2e343e943dfc4325b63f889c09b129830644"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"13eed21b906cafdc00e718500e583baa3e8b9f53","unresolved":false,"context_lines":[{"line_number":28,"context_line":"provides the best means to secure your organization\u0027s OpenStack deployment and"},{"line_number":29,"context_line":"to make security maintenance less error-prone. This is especially incumbent upon"},{"line_number":30,"context_line":"organizations that are subject to security audits and strict regulations for"},{"line_number":31,"context_line":"whom OpenStack\u0027s lack of consistent RBAC prohibits production use."},{"line_number":32,"context_line":""},{"line_number":33,"context_line":"Technical Details"},{"line_number":34,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3fa7e38b_650ceb43","line":31,"in_reply_to":"3fa7e38b_99071918","updated":"2020-01-07 10:54:25.000000000","message":"Makes sense to me.","commit_id":"8aee2e343e943dfc4325b63f889c09b129830644"}]}