[ https://issues.apache.org/jira/browse/MESOS-911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13923326#comment-13923326 ]
Vinod Kone commented on MESOS-911:
----------------------------------
Yes. The plan is to obviate the ACLs message altogether. This will allow us to
*easily* set up multiple ACLs without having to write validation code (to ensure
only one of them is set) and switch statements to figure out why ACL is being
used.
The reason for the Subject message is also to avoid writing a lot of validation
code and make it flexible to add more fields in the future. The only validation
that needs to be done is:
CHECK (Subject.has_id() || Subject.type == "ANYONE" || Subject.type == "NONE");
> Add pluggable authorization interface
> -------------------------------------
>
> Key: MESOS-911
> URL: https://issues.apache.org/jira/browse/MESOS-911
> Project: Mesos
> Issue Type: Story
> Components: general
> Reporter: Adam B
> Assignee: Vinod Kone
> Labels: security
>
> We are investigating authorizing principals to allow them access to only a
> specific set of operations like launching tasks or using resources. In fact,
> you could imagine a world where an authenticated principal will be authorized
> to on behalf of a subset of users and roles for launching tasks and accepting
> resources respectively. This authorization information could be stored in a
> directory service like LDAP.