►
From YouTube: Workspace Redesign Debrief 2022 10 31 08 02 GMT 6
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
C
B
So
maybe
just
as
a
summary,
as
some
new
people
are
here,
the
problem
and
I
think
there's
a
sketch
here,
probably
is
a
problem.
We
we
put
into
the
cluster
workspace
system
into
the
data
structure.
If
you
want,
we
need
to
have
access
to
the
parent
through
a
number
of
things,
just
to
know
that
a
workspace
exists.
We
need
the
workspace
object
or
the
cluster
workspace
object
in
the
parent
workspace
to
know
that
a
user
is
able
or
allowed
to
access
the
workspace.
We
have
to
look
into
airbag
of
the
parent
workspace.
B
So
there's
always
this
reference
as
a
parent
and
imagine
the
hierarchy
of
workspaces
is
distributed,
so
it's
distributed
over
charts
for
sure
and
it
might
even
be
Regional
distributed,
so
your
parent
can
be
in
the
yes.
While
the
workspace
is
in
Europe
and
that's
a
bad
design
and
we
we
saw
the
struggle
already
before
in
some
areas
like
virtual
workspace
implementation,
we
had
it
already
there
and
we
were
thinking
about
ways
to
to
solve
that.
Basically
to
remove
this
queue
between
workspace
and
parent
yeah,
so
I'm
not
sure
Andy.
C
I
can
because
it's
my
handwriting,
so
so
we
were
we.
We
had
several
different
topics
that
we
discussed
as
we
scroll
through
this
drawing
here.
So
the
first
thing
that
we
were
talking
about
was-
and
this
was
something
that
is
in
the
hack
MD-
that
Stefan
started
a
while
ago,
which
is
what,
if
we
made
workspace,
which
is
currently
a
projected
virtual
resource,
an
actual
thing
that's
stored
in
at
CD,
and
then
we
take
cluster
workspace,
which
is
the
name
for
the
the
thing
that
is
currently
stored
in
fcde.
C
We
either
keep
the
name,
or
maybe
we
change
it
to
something
like
logical
cluster,
but
workspace
would
be
the
user-facing
API
like
it
currently
is,
so
you
would
create
a
workspace
delete
a
workspace
Etc,
but
the
act
of
creating
a
workspace
would
change
a
little
bit.
So
you
would
say
I
would
like
to
make
a
new
workspace
called
Foo,
and
the
first
thing
that
would
happen
is
that
would
we
would
generate
a
unique
identifier
to
represent,
should
I
keep
going
Serge
or
should
I.
D
C
So
today,
workspace
is
a
projected
resource,
because
there
are
details
on
the
underlying
cluster
workspace
that
we
don't
want
to
expose
to
users
such
as
The
Shard
that
it's
been
scheduled
on.
So
there
are
fields
on
the
cluster
workspace
that
are
system
fields
that
we
don't
want
to
be
visible,
and
so,
when
you
go
and
you
create
a
workspace,
there
is
a
custom
rest
Handler
for
V1
beta
1
workspaces,
which
implements
the
logic
to
create
a
cluster
workspace
on
behalf
of
you
as
a
user.
C
It
right
now
you
automatically
by
default,
get
scheduled
to
the
root
Shard.
But
you
know
you
could
get
scheduled
to
a
different
one,
and
so
we
just
hide
the
underlying
data
details.
We
would
continue
to
hide
the
underlying
data
details
for
the
most
part
and
to
a
user.
You
wouldn't
really
know
that
there's
any
difference
between
a
workspace
being
a
projected
resource
versus
an
actual
resource
back
to
net
CD
it'd
still
be
the
same
type
of
API.
C
So
the
first
thing
that
would
happen
is
we
would
generate
a
unique
ID,
and
this
unique
ID
basically
represents
the
The
Logical
cluster
and
there
would
be
a
scheduler
that
would
create
the
cluster
workspace,
slash,
logical
cluster
on
some
Shard
somewhere,
and
this
basically
represents
itself
or
like
dot
in
Linux
parlance,
and
so
it
would
contain
this.
This
unique
ID
that
was
generated.
D
To
remember
what
else
we
talked
about
in
here
right
to
get
an
understanding
so
like
essentially
the
semantic
would
remain
the
same.
We
would
have
like
two
things
well
yeah.
We
would
have
two
things:
on
the
one
hand,
side
the
workspace
that
the
user
isn't
directing
with
and
they
think
that
has
additional
metadata
attached
to
it,
and
that
would
be
the
logical
cluster.
The
biggest
difference
would
be
that
The
Logical
cluster
would
be
created
asynchronously
using
the
scheduler,
like
literally.
C
B
B
B
We
also
thought
about
I'm,
not
sure
this
comes
later.
Maybe
there
could
be
a
luxury
cluster
existing
without
a
workspace,
for
other
reasons,
like
think
of
this
Google
Cloud
Model,
where
you
create
an
object,
a
document
and
it
just
exists
right,
nobody
cares
about
the
directory
if
that
would
be
possible.
So
workspace
is
really
just
this
one
way
to
claim
there
might
be
three
others.
D
C
Right
I'm
gonna
skip
down
here,
okay,
so
we
had
some
discussions
around
homework,
spaces
and
organizational
workspaces.
So
one
thing
that
we
said
was
well:
we
don't
really
need
a
user's
home
workspace
to
be
under
a
root.
It
doesn't
really
need
to
be
anywhere
in
the
hierarchy.
It's
their
homework
space
and
it
and
the
fact
that
we
group
homework
spaces
together
under
root
users.
Now
is
because
we
have
to
put
them
somewhere,
and
that
is
the
most
sensible
place
to
put
it.
C
C
C
Let's
see
where
does
a
user
need
to
or
what?
What
is
that
right?
Here,
what
just
needs
you
need
to?
Oh:
when
does
the
user
need
to
do
something
with
an
ID
so
that
we
were
having
a
conversation
around
if
we
generate
going
back
up
here?
If
we
generate
this
unique
ID?
That
represents
a
logical
cluster
and
really
you
know
the
workspace
has
a
friendly
name,
which
is
Foo
and
it
has
a
unique
ID.
C
Are
there
situations
where
the
user
needs
to
put
that
gobbledygook
of
an
ID
somewhere
and
right
now,
the
API
binding
has
a
reference
to
an
API
export
workspace
cluster
workspaces
point
to
a
cluster
workspace
type,
which
includes
a
path.
Cluster
workspace
type,
exp
extends
other
cluster
workspace
types,
so,
basically
anywhere
that
there's
a
workspace
reference,
we
need
to
be
referencing
either
the
human
readable
name
or
an
ID
and
Stefan
had
an
idea
around
what
to
do
with
that
in
terms
of
resolution,
if
you
want
to
share
that
stuff.
D
B
Term
I
mean
it's
a:
we
need
it
on
both
sides,
probably
but
yeah
as
workspace
will
have
to
type
yes
and
everywhere.
We,
where
we
have
those
colon
separated
paths,
we
would
resolve
that
to
the
ID,
probably
in
that
mission
very
early
and
stored
in
this
pack
and
the
user,
they
can
use
the
ID
I
mean
it's
totally
fine,
but
they
can
also
use
the
other
notation,
and
maybe
it's
a
woodwork
space
which
we
have
today.
B
It
just
has
a
ID
root,
nothing
special,
it's
just
R
oot,
that's
the
idea
of
it
and
basic
notation
is
ID
colon
subtree
right,
so
wood
is
not
special
at
all.
It's
just
one,
one
of
those,
it's
a
primary
canonical
root
of
the
system,
but
if
you
want
to
reference
something
in
your
home,
you
just
write
the
idea
of
your
home,
colon
Something.
C
Yes,
let's
see,
we
also
talked
about
like
right
now.
The
cluster
workspace
type
resolution
depends
on
the
full
workspace
tree
and
we
could,
if
you
have
a
workspace
and
it
is
of
a
particular
type,
you
would
look
in
the
current
hierarchy.
So,
like
I,
have
you
know
a
b
c
like
a
is
a
parent
B
is
a
child
c
as
a
child
and
I'm
going
to
create
another
child.
B
And
be
able
to
probably
we
might
reference
parents
some
in
some
way
like
through
a
rotation,
but
we
we
talked
about
that.
Like
basically
do
we
want
a
singularly
linked
list
or
if
it
will
go
into
both
directions
for
every
path
in
the
hierarchy,
and
this
is
task
to
look
for.
Parents
is
exactly
for
that
to
understand
what
we
want.
C
And
so
we
were
saying
well,
we
could
have
like
a
group
membership
authorizer
that
lists
one
or
more
groups
that
are
granted
access
to
the
root
of
a
tree
and
that,
like
working
with
an
identity
provider,
to
make
sure
that
those
groups
get
set
up
there
would
be.
What
did
we
say
like
we
would
annotate
or
something
the
yes.
B
So
the
idea
is
a
question
we
had.
We
want
an
authorizer
doing
that
which
is
basically
like
this
top
level
thing
we
have
for
organizations
today,
but
we
bonded
in
some
generic.
We
form
like
something
you
could
use
for
other
stuff
like.
Why
can
serious
access
his
homework
space
right?
Maybe
this
mechanism
could
also
work
there,
so
we
talked
about
maybe
using
annotations
or
something
directing
the
authorizer
system.
E
C
C
This
was
just
more
about
like
how
do
we
specify
the
groups
that
are
allowed
to
access,
and
we
were
talking
about
how
like
imagine
we
have
this
annotation.
That
says,
like
the
Acme
access
group
is
allowed
to
access
the
Acme
org,
and
this
is
an
annotation
on
the
root
workspace
for
Acme
or
the
acne
org
workspace
and
anytime.
A
child
is
created
that
information
has
to
be
copied
and
if
we
need
to
make
any
changes
to
you
know,
maybe
the
the
name
of
the
group
changes
or
we
add
a
new
group.
B
C
B
Something
Andy
I
think
we
took
for
granted
because
we
talked
about
it
before,
but
for
for
new
people,
the
actual
access
inside
of
a
workspace
to
operate,
oh
yeah,
but
whatever
we
just
assume
this
is
totally
done
just
done
by
in
workspace
Network,
nothing
special.
Basically,
everybody
who
has
access
to
the
workspace
hierarchy
in
general
by
this
mechanism,
for
example,
buys
a
scoop.
Then
it's
basically
an
authenticated
user,
but
without
any
permissions.
B
A
So
they
have
to
go
to
some
other
API
third-part
API,
which
we
control
to
let's
say
delete
my
workspace
or
something
in
this
model.
We're
talking
now
that
if
the
workspace
becomes
self-contained,
where
the
airbag
some
kind
of
either
group
based
or
user-based-
and
there
is
a
different
question
that
we
didn't
talk
about
user
based,
one
here
is
inside
workspace-
we
can
get
to
the
situation
where
you
kinda
can
remove
them.
Just
you
can
modify
your
access
as
a
tenant
to
your
workspace,
I.
B
A
A
B
It's
a
different
system,
I
think
what
we
talked
about
is
basically
it's
basic
access
to
the
subtree.
That
was
a
group
membership
thing
yeah
and
we
could
add
another
thing
like
when
it's
user
MJ
or
are
you
in
some
group
whatever?
Then
you
have
other
informations,
it's
a
different
annotation,
a
different
authorizer
which
gives
you
that
okay,
it's
like
a
union
also
either
it's
not
a
chain
that
just
ended.
F
B
B
That's
just
you
need
extra
group
membership
to
access
the
whole
hierarchy.
It's
Extra
Protection,
basically
so
I
cannot.
So
if
I'm
in
company
Foo
and
I
want
to
give
you
Steve
permissions
for
a
nest
that
very
deeply
nested
workspace
today.
I
can't
do
that
because
you
are
not
in
proof
in
general,
because
the
choice
of
the
system
and
the
thing
is
I
mean
it's
special
at
the
moment
that
groups
there's
a
first
level
in
the
hierarchy
and
perhaps
his
property
with
the
new
system.
B
D
B
If
you
want
to
only
allow
Tenon
colon,
better
people
to
access
the
redhead
hierarchy,
we
would
put
an
annotation
with
a
special
format.
We
haven't
talked
about
the
details
on
the
root
workspace,
there's
a
root
workspace,
but
the
orc
workspace
method,
which
tells
the
authorizer
to
only
allow
those
in
who
have
the
school
membership
and
we
would
copy
that
down.
Basically,
the
system
would
do
that.
B
B
D
B
B
C
D
C
C
You
know,
I
don't
know
like
if
we
have
a
root
level
workspace
and
it
holds
Global
stuff
that
generally
everybody
should
be
able
to
at
least
get
into
so
that
they
can
be
governed
by
normal
Cube
rbac.
Then
we
don't
need
to
annotate
it
saying
only
these
groups
can
get
in,
but
on
the
other
hand,
if
you
decided
like
I,
don't
want
everybody
to
have
access
in
here,
then
you
could
do
that.
Gotcha.
D
Okay,
that
makes
sense.
Okay,
cool.
No
second
question:
did
you
maybe
have
the
chance,
because
we
always
talk
about
literally
kind
column,
user
objects
and
we
I
would
say
twice
a
week
at
the
question
as
well.
How
do
I
give
the
service
account
from
workspace
one
access
to
do
stuff
in
workspace
too,
like
I
assume
we
are
retaining
or
like
we
are
keeping
this
very
high
tenancy
boundary
between.
B
C
Yes,
I
mean
we
don't
call
it
a
workspace
claim,
but
yeah
you're,
basically
saying
I
mean
it's
a
request
to
provision.
It's
basically
a
request
to
provision
a
logical
cluster
somewhere
and
by
default
it
will
get
provisioned
in
the
same
region
and
cloud
provider
as
the
parent,
but
you
hypothetically
could
ask
for
a
different
cloud
provider
or
region,
and
this
stuff
hasn't
really
been
built.
Yet
like
we
have
the
idea
of
like
in
in
kcp
today,
a
cluster
workspace
lives
on
a
Shard.
The
definition
of
the
cluster
workspace
lives
on
The
Shard.
C
C
But
for
a
you
know,
for
a
user
like
let's
say
that
you
have
like
your
your
it.
Department
sets
up
a
workspace
for
your
team.
Like
you
work
on
team
control
plane,
so
you
have
a
control,
plane,
workspace
and
then
you
need
I,
don't
know
some
workspace
for
an
app
that
you're
working
on,
and
so
you
create
that
workspace
within
that
control.
Plane,
parent,
your
app
workspace
could
be
completely
in
some
other
shard.
C
B
F
Everything
more
so
like
what
Andy
was
just
saying:
I
created
a
new
workspace
for
my
project.
Within
my
team.
It
got
scheduled
to
Frankfurt
the
you
know:
fiber
optics
between
the
US
and
Frankfurt
got
cut
now,
I
can't
access
my
child
like
to
what
extent
do
we
want
are
straw
man
for
availability
across
Network
destruction
to
be
contained
there.
B
C
F
F
Right,
yeah
I
meant
more
so,
like
kind
of
a
foot
gun
for
users
to
be
able
to
put
their
work
across
different
regions
like
that.
If,
if
they
somehow
need
to
access
the
object,
I
don't
know
thinking
through
the
cases
of
the
workspace
is
functional.
But
I
can't
get
the
object
to
find
the
url
to
talk
to.
It
seems
kind
of
annoying.
B
B
B
B
F
C
Yeah,
so
we
had
some
sketches
here,
speaking
of
like
human,
readable
names
versus
not
and
like
issuing
302s,
if
you
ask
for
the
human
readable
name,
you
would
get
a
302
back
to
you
know.
Whatever
the
idea
is
yeah,
we
talked
about
like
we
need
to
figure
out
for
quota
roll
up,
how
to
do
that
in
this
type
of
model.
C
B
If
you
list
all
logical
cluster
objects,
those
LC
objects
here
and
you
have
a
global
picture.
That's
what
our
font
Box
is
doing.
Super
naively,
of
course,
not
persistent
anything,
but
if
you
do
that,
you
have
the
complete
picture.
Okay,
so
you
can,
by
watching
all
charts
you
can
get
the
whole
hierarchy
memory
at
some
point.
Of
course
we
want
to
store
that
and
replicate
it
and
everything,
but
this
is
enough,
so
everything
we
lose
on
the
lower
level
data
model
we
get
back
when
we
text
a
big
picture.
C
F
B
C
We
basically
said
I'm
gonna
skip
over
some
of
this
stuff.
We
said
that
deleting
a
workspace
was
basically
the
identical
to
the
process
today,
except
if
you're
trying
to
delete
a
root.
Like
the
you
know,
an
org
workspace
or
whatever
a
parentless
workspace.
We
need
to
have
some
special
way
to
do
that,
and
we
didn't
really
resolve
that.
F
B
C
B
F
F
C
This
was
just
fleshing
out.
This
is
just
flushing
out
that
the
hack
MD
and
going
through
some
additional
things
yeah,
so
the
the
benefits.
Just
to
summarize,
we
don't
have
to
look
at
the
parent
anymore
to
figure
out
the
permission
model
for
the
child.
So
it's
an
efficiency
in
terms
of
like
quarter
magnitude.
E
C
F
B
F
B
B
C
For
any
existing
cluster
workspaces,
we
assuming
we
created
a
new
like
logical
cluster
type,
and
you
know
where
we're
basically
renaming
cluster
workspace.
We
could
copy
over
the
existing
ones
and
instead
of
generating
dynamic
or
random
IDs,
we
would
just
use
the
pre-existing
root
colon
whatever
so.