There was a discussion about authorization for cassandra a while back. I thought this may be of interest. yes it is based on protobuf, but it should work equally as well with Thrift if someone was eager enough I would think.
Regards Ian -------- Original Message -------- Subject: [protobuf] Captain Proto -- A Protobuf RPC system using capability-based security Date: Sun, 13 Dec 2009 03:18:54 -0800 From: Kenton Varda <[email protected]> To: Protocol Buffers <[email protected]> Hi all, As I've mentioned a couple times in other threads, last weekend I wrote up a simple RPC system based on Protocol Buffers which treats services as capabilities, in the sense of capability-based security. http://en.wikipedia.org/wiki/Capability-based_security Essentially what this means is that you can construct a service implementation and then embed a reference to it into an RPC message sent to or from some other service. So, for instance, if a client wants a server to be able to make calls back to the client, it can simply send the server a reference to a service implemented by the client. Or, for another example, a service which acts as a resource broker could grant a client access to a particular resource by sending it a reference to a service object representing that resource, to which the client can then make calls. Note that a particular service object cannot be accessed over a particular connection until that service object has actually been sent in an RPC over that connection. This property is useful for security, as described in the above link. In any case, the project is called Captain Proto and can be found here: http://code.google.com/p/capnproto/ Currently it only has Java support, though I hope it will eventually support other languages as well. The wire protocol is itself defined in terms of protocol buffers: http://code.google.com/p/capnproto/source/browse/proto/capnproto.proto There is basic documentation here: http://capnproto.googlecode.com/hg/doc/java/index.html You can also look at the test for an example: http://code.google.com/p/capnproto/source/browse/java/test.proto http://code.google.com/p/capnproto/source/browse/java/Test.java I expect the API to change quite a bit, so be warned that if you write code based on it, that code will have to change at some point. Future hopes/plans: - Improve API by taking advantage of code generator plugins. - Define a standard "ServiceDirectory" service which can serve as the default service on servers that export multiple services. The directory would have a method like Open() which takes the name of some particular service and returns a reference to the corresponding service object. - Provide a library of capability design pattern implementations, e.g. the revocable membrane. - Define a capnproto-over-HTTP protocol which can be used by AJAX clients. - Support C++ and Python. For the time being, this is not an official Google project. It's just something I wrote for fun -- or, more accurately, to support some other fun stuff that I want to work on. That said, due to the obviously wide applicability, I might try to make it more official at some point. -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To post to this group, send email to [email protected] . To unsubscribe from this group, send email to [email protected] . For more options, visit this group at http://groups.google.com/group/protobuf?hl=en . -- Ian Holsman [email protected]
