Yes. That's correct. I guess I did not put it correctly. One can set app wide attribute which will make all the streams encrypted. If not all streams needs to be encrypted, one can set attribute on particular stream to enable encryption for that stream. Platform will support both ways. Chimnay, Attribute on a stream and attribute for entire app that applies to all streams in the app are not mutually exclusive. Platform can support both.
Thks Amol On Wed, Dec 16, 2015 at 11:10 PM, Chinmay Kolhatkar <[email protected] > wrote: > I've updated the Jira for having network/bufferserver level encryption. > > ~ Chinmay. > > On Thu, Dec 17, 2015 at 12:39 PM, Chinmay Kolhatkar < > [email protected] > > wrote: > > > Agreed with Vlad and Gurav that encryption should be at Network and > Buffer > > server levels. > > > > But as Amol mentioned the configuration for enabling it can be set as a > > stream attribute OR an app wide attribute. > > > > ~ Chinmay. > > > > On Thu, Dec 17, 2015 at 5:43 AM, Amol Kekre <[email protected]> > wrote: > > > >> Makes sense to make it stream attribute. > >> > >> Thks > >> Amol > >> > >> > >> On Wed, Dec 16, 2015 at 11:34 AM, Vlad Rozov <[email protected]> > >> wrote: > >> > >> > +1 - support should be at the network and buffer server levels. > >> > > >> > Vlad > >> > > >> > > >> > On 12/15/15 00:10, Timothy Farkas wrote: > >> > > >> >> I think encryption of data sent across the wire and operator logic > are > >> >> orthogonal. The user should just have to set DAG level attribute to > >> >> enable/disable encryption, without having to write any encryption > >> related > >> >> code. I think this would require changes to the Buffer Server > publisher > >> >> and > >> >> subscriber though. > >> >> > >> >> On Mon, Dec 14, 2015 at 11:27 PM, Chandni Singh < > >> [email protected]> > >> >> wrote: > >> >> > >> >> When we are dealing with secured data, the usual scenarios are that > you > >> >>> get > >> >>> encrypted data. > >> >>> This data need to decrypt and then perform other functions on it. > The > >> >>> output of the dag is then encrypted. > >> >>> > >> >>> In the past we have solved these use cases by performing > >> >>> decryption/encryption in the operator. > >> >>> IMO the operator approach works better because these processes may > >> >>> require > >> >>> invoking utilities and also operators can be configured easily using > >> >>> properties. > >> >>> > >> >>> Chandni > >> >>> > >> >>> On Mon, Dec 14, 2015 at 10:34 PM, Sandesh Hegde < > >> [email protected] > >> >>> > > >> >>> wrote: > >> >>> > >> >>> Well we have committers from bank, their feedback will be really > >> >>>> > >> >>> valuable. > >> >>> > >> >>>> On Mon, Dec 14, 2015 at 10:30 PM Priyanka Gugale < > >> >>>> > >> >>> [email protected] > >> >>> > >> >>>> wrote: > >> >>>> > >> >>>> Sounds good. This is good feature for banks and security domain. > >> >>>>> One suggestion: We can do key management ourself at application > >> (may be > >> >>>>> > >> >>>> by > >> >>>> > >> >>>>> providing default keys) and there should be an option to override > >> keys > >> >>>>> > >> >>>> if > >> >>> > >> >>>> user really want to do so. > >> >>>>> > >> >>>>> -Priyanka > >> >>>>> > >> >>>>> On Tue, Dec 15, 2015 at 11:37 AM, Chinmay Kolhatkar < > >> >>>>> [email protected] > >> >>>>> > >> >>>>>> wrote: > >> >>>>>> Hi All, > >> >>>>>> > >> >>>>>> I wanted to propose an idea using which one can have encrypted > >> stream > >> >>>>>> flowing in a DAG. > >> >>>>>> > >> >>>>>> Basically, the idea is to create a new EncryptedInputPort which > >> will > >> >>>>>> > >> >>>>> extend > >> >>>>> > >> >>>>>> from DefaultInputPort and will return a StreamCodec object which > >> will > >> >>>>>> > >> >>>>> take > >> >>>>> > >> >>>>>> care of encryption/decryption. > >> >>>>>> As the same StreamCodec object will be used at OutputPort, the > >> >>>>>> > >> >>>>> encryption > >> >>>> > >> >>>>> can be done in toByteArray method at Output port and decryption > can > >> >>>>>> > >> >>>>> be > >> >>> > >> >>>> done > >> >>>>> > >> >>>>>> in fromByteArray at Input port. > >> >>>>>> > >> >>>>>> By default we can support some basic encryption algorithms like > RSA > >> >>>>>> > >> >>>>> and > >> >>> > >> >>>> DSA > >> >>>>> > >> >>>>>> where user need to provide the key(s) to EncryptedInputPort. > >> >>>>>> > >> >>>>>> Any thoughts? > >> >>>>>> > >> >>>>>> ~ Chinmay. > >> >>>>>> > >> >>>>>> > >> > > >> > > > > >
