On Mon, Nov 30, 2015 at 6:53 PM, YongQiao Wang <[email protected]> wrote: >> 1. Choosing a role name >> 2. Configuring weights, ACLs, and quotas for the role. >> 3. Configuring applications/frameworks to register using that role. > > [Yong Qiao] If applications/frameworks do not follow your rules, and > register with another role, then how to prevent? and do we will still > create this undesirable role in Mesos? Maybe we can only relay on ACLs to > avoid this, but according to my understanding, ACLs is not required in > Mesos.
Right -- with implicit roles, the proposal is to use ACLs to prevent a framework from registering as an undesirable role. ACLs are a general-purpose mechanism for determining whether a principal should be permitted to take an action, so it seems reasonable and consistent to use ACLs for this purpose. > In addition, I am not sure whether it is make sence to use ACLs for > role validation. Can you elaborate on your reasoning here? Thanks, Neil
