Hi, I took a look at the document and these are my comments :)
(note: I only have basic knowledge of security: security is a myth)

* About the permissions

It would be good to describe what the relation between the permissions is. For example, answer the following questions: can a user/group/role have READ permission over a cache without ACCESS permission? Can it have WRITE permission without READ (a write operation returns the old value)? And EXEC? Does it make sense to have EXEC without READ and/or WRITE?

Since we have a BULK permission (that is a READ), why not split the WRITE? Like MODIFY (put*, replace*), DELETE (remove*) and CLEAR (clear)?

Another thing that is not clear to me is whether it is possible to specify default permissions. I am assuming that if you define the roles in the <default> cache, they will be passed to the <namedCache> if nothing is specified, right?

Is the secure cache protected against the ComponentRegistry? I mean, is it possible to do cache.getAdvancedCache().getDataContainer().clear() and skip any authentication?

* About the Interceptors

IMO, bad idea. I think we should have a SecureCache interface and implementation (SecureCacheImpl). As suggested in the wiki, this SecureCacheImpl will throw a SecurityException on any invocation, but it would have a method /.as(Subject)/ that would return a decorated SecureCache with the correct permissions.

* About the encryption

I think the application should be responsible for doing it and not the Cache. However, if it is really necessary I would do it at the SecureCache level so any component in Infinispan would have access to the plain object. Also, I wouldn't allow the user to choose to encrypt only for persistence.

In addition, how are we going to manage the encryption keys? If a key is leaked, are we going to support re-encryption with a new key? Is it possible to choose different keys per user/type of data?

* HotRod security

In the design document, there is no reference to encrypting the communication between the clients and the server. Is it a gap?
* Finally, some minor typos:
** the embedded configuration title is in the middle of the embedded API text
** the lists are all on the same line in embedded encryption and hot rod security
** Memcached Security is not "titlefied"

Cheers,
Pedro

On 11/22/2013 01:05 PM, Tristan Tarrant wrote:
> Hi all,
>
> I've published an ongoing draft of how we should implement Security in
> Infinispan.
>
> https://github.com/infinispan/infinispan/wiki/Security
>
> There are still gaps in there, but I'd like your comments early :)
>
> Tristan
> _______________________________________________
> infinispan-dev mailing list
> [email protected]
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
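As an added illustration of the SecureCache / SecureCacheImpl decorator idea discussed in the message above (this is example code written for this page, not Infinispan's own code and not the design-document API): an undecorated SecureCacheImpl refuses every operation with a SecurityException, and `.as(Subject)` returns a decorated view whose permissions are derived from the Subject's principals. The Permission names come from the thread; the implication rules (READ, WRITE and EXEC each need ACCESS, BULK additionally needs READ), the `roleMapping` policy, the hypothetical SecureCache method set and the choice to have `put` return the old value only when the caller also holds READ are assumptions made for the sketch. The last lines of `main` show the ComponentRegistry concern raised above: whoever holds a reference to the backing store bypasses the decorator entirely, so the check protects the public interface only.

```java
import java.security.Principal;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import javax.security.auth.Subject;

// Permission names from the thread. The implication rules are this sketch's
// assumption, not a decision from the design document.
enum Permission {
    ACCESS, READ, WRITE, EXEC, BULK;

    Set<Permission> implied() {
        switch (this) {
            case BULK:   return EnumSet.of(ACCESS, READ, BULK); // BULK is a kind of READ
            case ACCESS: return EnumSet.of(ACCESS);
            default:     return EnumSet.of(ACCESS, this);      // READ/WRITE/EXEC need ACCESS
        }
    }
}

// Hypothetical, reduced interface: just enough operations to show each permission.
interface SecureCache<K, V> {
    V get(K key);
    V put(K key, V value);
    int size();
    SecureCache<K, V> as(Subject subject);
}

class SecureCacheImpl<K, V> implements SecureCache<K, V> {
    private final Map<K, V> backing;                              // the unprotected store
    private final Function<Subject, Set<Permission>> policy;      // Subject -> granted permissions
    private final Set<Permission> effective;                      // closure of granted permissions

    SecureCacheImpl(Map<K, V> backing, Function<Subject, Set<Permission>> policy) {
        this(backing, policy, EnumSet.noneOf(Permission.class)); // undecorated: nothing granted
    }

    private SecureCacheImpl(Map<K, V> backing, Function<Subject, Set<Permission>> policy,
                            Set<Permission> granted) {
        this.backing = backing;
        this.policy = policy;
        this.effective = EnumSet.noneOf(Permission.class);
        for (Permission g : granted) effective.addAll(g.implied());
    }

    private void require(Permission p) {
        if (!effective.contains(p)) throw new SecurityException("missing " + p);
    }

    @Override public V get(K key) { require(Permission.READ); return backing.get(key); }

    // WRITE without READ: the write happens, but the previous value is not disclosed.
    @Override public V put(K key, V value) {
        require(Permission.WRITE);
        V old = backing.put(key, value);
        return effective.contains(Permission.READ) ? old : null;
    }

    @Override public int size() { require(Permission.BULK); return backing.size(); }

    @Override public SecureCache<K, V> as(Subject subject) {
        return new SecureCacheImpl<>(backing, policy, policy.apply(subject));
    }
}

public class SecureCacheDemo {
    // Assumed role-to-permission mapping, keyed on principal names.
    static Set<Permission> roleMapping(Subject subject) {
        Set<Permission> perms = EnumSet.noneOf(Permission.class);
        for (Principal p : subject.getPrincipals()) {
            switch (p.getName()) {
                case "reader": perms.add(Permission.READ); break;
                case "writer": perms.add(Permission.WRITE); break;
                case "admin":  perms.addAll(EnumSet.allOf(Permission.class)); break;
                default: break;
            }
        }
        return perms;
    }

    static Subject subjectWithRole(String role) {
        Subject s = new Subject();
        s.getPrincipals().add((Principal) () -> role);
        return s;
    }

    public static void main(String[] args) {
        Map<String, String> backing = new HashMap<>();
        SecureCache<String, String> cache = new SecureCacheImpl<>(backing, SecureCacheDemo::roleMapping);

        try { cache.get("k"); }
        catch (SecurityException e) { System.out.println("undecorated: " + e.getMessage()); }

        SecureCache<String, String> writer = cache.as(subjectWithRole("writer"));
        System.out.println("writer put returns " + writer.put("k", "v1"));   // null: no READ
        System.out.println("writer put again returns " + writer.put("k", "v2")); // still null

        SecureCache<String, String> reader = cache.as(subjectWithRole("reader"));
        System.out.println("reader get: " + reader.get("k"));               // v2
        try { reader.size(); }
        catch (SecurityException e) { System.out.println("reader: " + e.getMessage()); }

        // Direct access to the backing store skips every check: the decorator
        // is only as strong as the encapsulation of what it wraps.
        backing.clear();
        System.out.println("size after direct clear: " + cache.as(subjectWithRole("admin")).size());
    }
}
```

Because the decorated view is a new object rather than mutable state on the shared cache, handing `writer` to one component and `reader` to another cannot escalate either one; the remaining exposure is any code path that reaches `backing` (or, in the real system, the data container) without going through the wrapper.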
