Hi Parth,

Thanks! A few questions:

1. Do you want to permit rules in your ACLs that DENY access as well as
ALLOW? This can be handy setting up rules that have exceptions. E.g.
“Allow principal P to READ resource R from all hosts” with “Deny principal
P READ access to resource R from host H1” in combination would allow P to
READ R from all hosts *except* H1.

2. When a topic is newly created, will there be an ACL created for it? If
not, would that not deny subsequent access to it?

(nit) Maybe use Principal instead of String to represent principals?


On 3/9/15, 11:48 AM, "Don Bosco Durai" <bo...@apache.org> wrote:

>Parth
>
>Overall it is looking good. Couple of questions…
>
>- Can you give an example how the policies will look like in the default
>implementation?
>- In the operations, can we support “CONNECT” also? This can be used
>during Session connection
>- Regarding access control for “Topic Creation”, since we can’t do it on
>the server side, can we de-scope it for? And plan it as a future feature
>request?
>
>Thanks
>
>Bosco
>
> 
>
>On 3/6/15, 8:10 AM, "Harsha" <ka...@harsha.io> wrote:
>
>>Hi Parth,
>>            Thanks for putting this together. Overall it looks good to
>>            me. Although AdminUtils is a concern KIP-4  can probably fix
>>            that part.
>>Thanks,
>>Harsha
>>
>>On Thu, Mar 5, 2015, at 10:39 AM, Parth Brahmbhatt wrote:
>>> Forgot to add links to wiki and jira.
>>> 
>>> Link to wiki:
>>> 
>>>https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+Interface
>>> Link to Jira: https://issues.apache.org/jira/browse/KAFKA-1688
>>> 
>>> Thanks
>>> Parth
>>> 
>>> From: Parth Brahmbhatt <pbrahmbh...@hortonworks.com>
>>> Date: Thursday, March 5, 2015 at 10:33 AM
>>> To: "dev@kafka.apache.org" <dev@kafka.apache.org>
>>> Subject: [DISCUSS] KIP-11- Authorization design for kafka security
>>> 
>>> Hi,
>>> 
>>> KIP-11 is open for discussion, I have updated the wiki with the design
>>> and open questions.
>>> 
>>> Thanks
>>> Parth
>
>
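
The ALLOW/DENY combination from question 1 at the top of this message, as an added example that is not part of the thread and not Kafka's or KIP-11's code. It assumes that a matching DENY overrides any ALLOW, that "*" means all hosts, and that a resource with no matching ACL is denied (the open point in question 2); the class and function names are hypothetical.

```python
from dataclasses import dataclass

WILDCARD = "*"  # assumption: "*" stands for "all hosts"

@dataclass(frozen=True)
class Principal:
    """Typed principal rather than a bare string (the nit in the message)."""
    kind: str
    name: str

@dataclass(frozen=True)
class Acl:
    permission: str       # "ALLOW" or "DENY"
    principal: Principal
    operation: str        # e.g. "READ"
    resource: str         # e.g. a topic name
    host: str             # a host name, or WILDCARD

    def matches(self, principal, operation, resource, host):
        return (self.principal == principal
                and self.operation == operation
                and self.resource == resource
                and self.host in (WILDCARD, host))

def authorize(acls, principal, operation, resource, host):
    """Deny-overrides evaluation with default deny.

    Any matching DENY wins regardless of rule order; otherwise at least
    one matching ALLOW is required. No matching rule means no access.
    """
    matching = [a for a in acls if a.matches(principal, operation, resource, host)]
    if any(a.permission == "DENY" for a in matching):
        return False
    return any(a.permission == "ALLOW" for a in matching)

# Constructed sample rules mirroring the example in the message.
P = Principal("User", "P")
ACLS = [
    Acl("ALLOW", P, "READ", "R", WILDCARD),
    Acl("DENY", P, "READ", "R", "H1"),
]

def demo():
    return {
        "R from H2": authorize(ACLS, P, "READ", "R", "H2"),
        "R from H1": authorize(ACLS, P, "READ", "R", "H1"),
        "new topic, no ACL": authorize(ACLS, P, "READ", "new-topic", "H2"),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

Under the default-deny assumption, the last case shows why a newly created topic with no ACL would be unreadable until a rule is added for it.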
