keystone priorities

	A	B	C	D	E	F
1	Ocata priorities for Keystone, leave a comment to sign up for something

2	New Features that are approved	Status	Bug or Spec reference	Patch / Topic / Gerrit link	Owner	Comments
3	PCI-DSS Query Password Expired Users	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/pci-dss-expired-password.html	https://review.openstack.org/#/q/topic:bp/pci-dss-query-password-expired-users	spilla
4	Shadow mapping	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/shadow-mapping.html	https://review.openstack.org/#/q/topic:bp/shadow-mapping	lbragstad	groups, projects, roles should all be auto-provisioned, make mappings managed by domain admins, should mapping change invalidate the assignments, what about expiring assignments (based on token)
5	PCI-DSS Notifications	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/pci-dss-notification.html	https://review.openstack.org/#/q/topic:bp/pci-dss-notifications	gagehugo
6	Allow retrieving an expired token	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html	https://review.openstack.org/#/q/topic:bp/allow-expired	jamielennox
7	PCI-DSS Password Requirements API	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/pci-dss-password-requirements-api.html	https://review.openstack.org/#/q/topic:bp/pci-dss-password-requirements-api	lbragstad
8	Drop Support for Driver Versioning	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/drop-driver-version.html	https://review.openstack.org/#/q/topic:bp/removed-as-of-ocata	rderose
9	Per-User Auth Plugin Requirements	Complete	http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/per-user-auth-plugin-requirements.html	https://review.openstack.org/#/q/topic:bp/per-user-auth-plugin-reqs	morgan	Old spec: http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/password-totp-plugin.html
10
11	Bugs that should be addressed in Ocata	Status	Bug or Spec reference	Patch / Topic / Gerrit link	Owner	Comments
12	Federation: Missing domains for federated users	Complete	https://bugs.launchpad.net/keystone/+bug/1642687	https://review.openstack.org/#/q/topic:bug/1642687	rderose
13	PCI: user must change password upon first use	Complete	https://bugs.launchpad.net/keystone/+bug/1645487	https://review.openstack.org/#/c/403916/	rderose
14	KSA/KSC: Hash the Service Token	Complete	https://bugs.launchpad.net/python-keystoneclient/+bug/1654847	https://review.openstack.org/#/q/topic:bug/1654847	lamt
15	KSC/KSA: exceptions raise when uploading large objects	Complete	https://bugs.launchpad.net/python-keystoneclient/+bug/1616105	https://review.openstack.org/#/q/topic:bug/1616105	samuel	will need fixes in ksa and ksc
16	KSC: implied roles bugs	Complete	https://bugs.launchpad.net/python-keystoneclient/+bug/1647934	https://review.openstack.org/#/c/412236/	stevemar
17	Federation: Include `mapped` by default	Complete	https://bugs.launchpad.net/keystone/+bug/1645391	https://review.openstack.org/#/c/403816/	rodrigods
18	Federation: mapping engine tester issues	Complete	https://bugs.launchpad.net/keystone/+bug/1655182	https://review.openstack.org/#/c/418165/	jdennis
19	Federation: cannot delete protocol if user has auth'ed	Complete	https://bugs.launchpad.net/keystone/+bug/1642692	https://review.openstack.org/#/c/415906/9	rodrigods
20	Fernet: rotate doesn't work when disk is full	Complete	https://bugs.launchpad.net/keystone/+bug/1642457	https://review.openstack.org/#/c/413495/	johnlinp
21	Roles: Include domain role when listing role assignments	Complete	https://bugs.launchpad.net/keystone/+bug/1607114	https://review.openstack.org/#/c/373516/	spilla
22	Roles: Assignment not showing inheritance when using --names	Complete	https://bugs.launchpad.net/keystone/+bug/1625230	https://review.openstack.org/#/c/380973/	kanika
23	keystone-doctor: Add tests	Complete	https://bugs.launchpad.net/keystone/+bug/1641621	https://review.openstack.org/#/q/topic:bug/1641621	ravelar
24	keystone-doctor: add developer docs	Complete	https://bugs.launchpad.net/keystone/+bug/1641623	https://review.openstack.org/#/c/399163/	lbragstad
25	Notifications: switch to cadf by default	Complete	https://bugs.launchpad.net/keystone/+bug/1641660	https://review.openstack.org/397339	lamt
26	Performance: Fix a slight regression when caching was fixed	Complete	https://bugs.launchpad.net/keystone/+bug/1641652	https://review.openstack.org/#/c/380376/	breton
27	Performance: Enable ``cache_on_issue`` by default	Complete	https://bugs.launchpad.net/keystone/+bug/1641816	https://review.openstack.org/#/c/383333/	mfisch
28	Policy: Update revoke API to be admin required	Complete	https://bugs.launchpad.net/keystone/+bug/1649446	https://review.openstack.org/#/c/416841/	stevemar	low hanging fruit
29	Upgrade: Make bootstrap idempotent	Complete	https://bugs.launchpad.net/keystone/+bug/1647800	https://review.openstack.org/#/q/topic:bug/1647800	lbragstad
30	Upgrade: add note about triggers needed SUPER priv	Complete	https://bugs.launchpad.net/keystone/+bug/1638368	https://review.openstack.org/#/c/394603/	ravelar
31	LDAP: mapping_populate unhandled exception	Complete	https://bugs.launchpad.net/keystone/+bug/1645571	https://review.openstack.org/#/c/404197/	breton
32	LDAP: Nested groups for AD	Complete	https://bugs.launchpad.net/keystone/+bug/1638603	https://review.openstack.org/389316	ayoung
33	LDAP: add new timeout config option	Complete	https://bugs.launchpad.net/keystone/+bug/1636950	https://review.openstack.org/390948	knasim
34	PCI: When the user is locked they can’t change their password	Complete	https://bugs.launchpad.net/keystone/+bug/1641645	https://review.openstack.org/#/c/404022/	gagehugo
35	PCI: malicious user can DoS a cloud	Complete	https://bugs.launchpad.net/keystone/+bug/1642348	https://review.openstack.org/#/c/398571/	rderose	overlaps with https://bugs.launchpad.net/keystone/+bug/1641642
36	Include healthcheck middleware	Complete	https://bugs.launchpad.net/keystone/+bug/1641654	https://review.openstack.org/#/c/387731/	jlk
37	Verbose 401/403 debug responses	Complete	https://bugs.launchpad.net/keystone/+bug/1625120	https://review.openstack.org/#/c/372433/	amakarov
38	Remove deprecated config option	Complete	https://bugs.launchpad.net/keystone/+bug/1653472	https://review.openstack.org/#/c/416267/	lbragstad
39	SQL: add retry on deadlock for delete user	Complete	https://bugs.launchpad.net/keystone/+bug/1648542	https://review.openstack.org/#/c/416872/	shanguo	low hanging fruit
40	Tests: No need to use pep8 internals	Complete	https://bugs.launchpad.net/keystone/+bug/1652458	https://review.openstack.org/#/q/topic:bug/1652458	stevemar
41	Force use of AuthContext object in .authentcate()	Complete	https://bugs.launchpad.net/keystone/+bug/1656076	https://review.openstack.org/#/c/419693/	morgan
42	V2: Endpoint with missing "region" causes 500 error	Complete	https://bugs.launchpad.net/keystone/+bug/1557166	https://review.openstack.org/#/c/304489/	breton
43
44	Docs	Status	Bug or Spec reference	Patch / Topic / Gerrit link	Owner	Comments
45	Config Reference: Add PCI options	Complete	https://bugs.launchpad.net/keystone/+bug/1641823	https://review.openstack.org/#/c/405711/	shanguo	dupe of https://bugs.launchpad.net/keystone/+bug/1640504
46	Admin Guide: Cleanup LDAP	Complete	https://bugs.launchpad.net/keystone/+bug/1641821	https://review.openstack.org/#/q/topic:bug/1641821	ravelar	http://docs.openstack.org/admin-guide/identity-management.html
47	Admin Guide: Cleanup caching	Complete	https://bugs.launchpad.net/keystone/+bug/1641818	https://review.openstack.org/382655	browne
48	Admin Guide: Add PCI	Complete	https://bugs.launchpad.net/keystone/+bug/1641822	https://review.openstack.org/#/c/399337/	stevemar
49	Dev Docs: clean them all up	Complete	--	https://review.openstack.org/#/q/topic:keystone_doc_cleanup	stevemar	http://docs.openstack.org/developer/keystone/configuration.html
50	API: Add changelog from 3.0->3.7	Complete	https://bugs.launchpad.net/keystone/+bug/1637214	https://review.openstack.org/#/c/399301/	stevemar	http://developer.openstack.org/api-ref/identity/v3/index.html
51
52	Horizon & Keystone work	Status	Bug or Spec reference	Patch / Topic / Gerrit link	Owner	Comments
53	K2K support	Complete	https://blueprints.launchpad.net/horizon/+spec/k2k-federation	https://review.openstack.org/#/q/topic:bp/k2k-horizon	etubillara
54	Make users panel a search first panel, so LDAP works	Complete	--	https://review.openstack.org/#/c/419133/3	dcastellanos
55	v3 policy is not parseable using oslo.policy	Complete	https://bugs.launchpad.net/oslo.policy/+bug/1547684	https://review.openstack.org/#/q/topic:bug/1547684	stevemar
56	bring in kerberos code to django_openstack_auth	Complete	https://bugs.launchpad.net/django-openstack-auth/+bug/1584432	https://review.openstack.org/#/q/topic:bug/1584432	stevemar	Retiring the repo instead
57	Remove token revocation on logout	Complete	https://bugs.launchpad.net/django-openstack-auth/+bug/1637460	https://review.openstack.org/#/c/391183/	_ducttape
58	Default domain usage consistent	Complete	--	https://review.openstack.org/#/c/389679/	crinkle
59
60	https://etherpad.openstack.org/p/ocata-keystone-horizon
61
62	Long goals
63	DevStack v3 by default	Complete	https://etherpad.openstack.org/p/v3-only-devstack	<no single topic>	dims
64	Refactor the token provider	Complete	no bug, it's a refactor	https://review.openstack.org/#/q/topic:cleanup-token-provider	lbragstad
65	Make fernet the default token format	Complete	https://bugs.launchpad.net/keystone/+bug/1561054	https://review.openstack.org/#/q/topic:make-fernet-default	lbragstad
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100