Some design analyse between Implicit Roles and Dynamic Roles: For Implicit Roles: 1. Does not need a specified endpoint for role management, but more endpoints should be provided to manage role's related object, such as the dynamic management for Weight, Grace Period (which is involved by Optimistic Offers), etc. 2. Role will be persisted in multiple places. For example, role should be persist in replicated log when we have dynamic weight, and role also need be persisted when we have dynamic Grace Period, etc. 3. Role validation (such as to avoid the typos) depends on ACLs; 4. As an operator, s/he must have more knowledges to use multiple endpoints to manage role's related objects. and the operator must guarantee consistency when configuring ACLs, weights, Grace Period, quota, etc.
For Dynamic Roles: 1. Needs to enhance the exist endpoint /roles to support add/update/remove a role, and operator can only use this one endpoint to manage all objects (e.g. weight, Grace Period, etc.) which related with role. 2. Role information will only be persisted in one replicated log (Plan to persist RoleInfo when call /roles to add role). 3. Keep a valid role list in Mesos, and which can be used to prevent the typos and can help to check the correctness when operator configuring ACLs, weights, Grace Period, quota, etc. So I think the model of Dynamic Roles is easy to understand and operate. This is only my understanding, welcome any other comments. On Tue, Dec 1, 2015 at 5:05 PM, YongQiao Wang <[email protected]> wrote: > @Neil, My concern is that Implicit Roles and ACLs are independent > functions, ACLs is focus on the access control rather than prevent a > invalid role. For example, if the principal is incorrect, then > the authorization will also failed when register framework. In addition, as > you mean, Implicit roles must depend on ACLs? If without ACLs, Implicit > roles can work well? > > On Tue, Dec 1, 2015 at 2:44 PM, Neil Conway <[email protected]> wrote: > >> On Mon, Nov 30, 2015 at 6:53 PM, YongQiao Wang <[email protected]> >> wrote: >> >> 1. Choosing a role name >> >> 2. Configuring weights, ACLs, and quotas for the role. >> >> 3. Configuring applications/frameworks to register using that role. >> > >> > [Yong Qiao] If applications/frameworks do not follow your rules, and >> > register with another role, then how to prevent? and do we will still >> > create this undesirable role in Mesos? Maybe we can only relay on ACLs >> to >> > avoid this, but according to my understanding, ACLs is not required in >> > Mesos. >> >> Right -- with implicit roles, the proposal is to use ACLs to prevent a >> framework from registering as an undesirable role. ACLs are a >> general-purpose mechanism for determining whether a principal should >> be permitted to take an action, so it seems reasonable and consistent >> to use ACLs for this purpose. >> >> > In addition, I am not sure whether it is make sence to use ACLs for >> > role validation. >> >> Can you elaborate on your reasoning here? >> >> Thanks, >> Neil >> > >
