Security - moved overview to top of section.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/7c8acc58 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/7c8acc58 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/7c8acc58 Branch: refs/heads/staging/docs-grant1 Commit: 7c8acc589fd57fb523109adf41a9198515b1a82c Parents: bce4a11 Author: Dave Barnes <[email protected]> Authored: Fri Sep 2 15:58:14 2016 -0700 Committer: Dave Barnes <[email protected]> Committed: Fri Sep 2 15:58:14 2016 -0700 ---------------------------------------------------------------------- managing/security/chapter_overview.html.md.erb | 8 ++++---- managing/security/implementing_authentication.html.md.erb | 3 ++- managing/security/implementing_security.html.md.erb | 9 +++++---- 3 files changed, 11 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7c8acc58/managing/security/chapter_overview.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/chapter_overview.html.md.erb b/managing/security/chapter_overview.html.md.erb index d1636a3..8b8ca63 100644 --- a/managing/security/chapter_overview.html.md.erb +++ b/managing/security/chapter_overview.html.md.erb @@ -4,6 +4,10 @@ title: Security The security framework permits authentication of connecting components and authorization of operations for all communicating components of the distributed system. +- **[Security Implementation Overview](../../managing/security/implementing_security.html)** + + Apache Geode can authenticate peer system members and clients. It can also authorize cache operations on a server from clients. + - **[Security Features](../../managing/security/security_intro.html)** Encryption, SSL secure communication, authentication, and authorization @@ -13,10 +17,6 @@ features help to secure the distributed system. This section gathers discrete details in one convenient location to better help you assess and configure the security of your environment. -- **[Security Implementation Overview](../../managing/security/implementing_security.html)** - - Apache Geode can authenticate peer system members and clients. It can also authorize cache operations on a server from clients. - - **[Enable Security with Property Definitions](../../managing/security/enable_security.html)** - **[Authentication](../../managing/security/authentication_overview.html)** http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7c8acc58/managing/security/implementing_authentication.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/implementing_authentication.html.md.erb b/managing/security/implementing_authentication.html.md.erb index 52c6114..e7ae1d1 100644 --- a/managing/security/implementing_authentication.html.md.erb +++ b/managing/security/implementing_authentication.html.md.erb @@ -15,9 +15,10 @@ If approved, the connection request returns a `java.security.Principal` object, - Servers may be authenticated by their clients during the connection initialization. - Depending on the member, the new member may in turn become an authenticator to other joining members. Members joining a system must trust that existing members are already authenticated. -Locators maintain and distribute the authenticated member list. The distributed member list is also authenticated by all members, which prevents an unauthorized application from introducing itself into membership by distributing an member list that includes itself. +Locators maintain and distribute the authenticated member list. The distributed member list is also authenticated by all members, which prevents an unauthorized application from introducing itself into membership by distributing a member list that includes itself. <img src="../../images/security-1.gif" id="how_authentication_works__image_D3AE53AB4E0441A5A078E5D07EC20C5D" class="image" /> + Geode authentication provides a flexible plug-in framework. Any security infrastructure can be plugged in to the system as long as the plug-ins implement the required Geode interfaces. ## Enable Authentication with Property Definitions http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7c8acc58/managing/security/implementing_security.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/implementing_security.html.md.erb b/managing/security/implementing_security.html.md.erb index e70712b..b8122e5 100644 --- a/managing/security/implementing_security.html.md.erb +++ b/managing/security/implementing_security.html.md.erb @@ -6,8 +6,9 @@ Apache Geode can authenticate system members, clients, and other system entities. It can also individually authorize cache operations for those various entities. -<a id="implementing_security__section_79F6CF928E764CA294D466D0CB2E5FAC"></a> -An overview of How it all Works + +## <a id="implementing_security__section_79F6CF928E764CA294D466D0CB2E5FAC" class="no-quick-link"></a>An overview of How it all Works## + The security of a distributed system can be greatly enhanced by authenticating all system participants. This verifies the identity of the participants, @@ -20,7 +21,7 @@ or administrators. Given authentication, isolation and access to cache data and system state can be further -protected by implementing a authorization mechanism. +protected by implementing an authorization mechanism. For example, only certain system administrators might be permitted to start and stop servers. The authority to do this needs to be limited to specific @@ -60,7 +61,7 @@ There are three values: - `READ` looks at data; it does not modify anything. - `WRITE` modifies data. `WRITE` does not imply `READ`. -- `MANAGE` accesses admininistrative information. `MANAGE` does not imply `WRITE`. +- `MANAGE` accesses administrative information. `MANAGE` does not imply `WRITE`. Data read and write operations may be further applied to regions and specific keys within regions.
