[ https://issues.apache.org/jira/browse/FLINK-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15588366#comment-15588366 ]

ASF GitHub Bot commented on FLINK-3930:
---------------------------------------

Github user mxm commented on a diff in the pull request:

    https://github.com/apache/flink/pull/2425#discussion_r84024166
  
    --- Diff: 
flink-core/src/main/java/org/apache/flink/configuration/ConfigConstants.java ---
    @@ -871,6 +871,19 @@
        @Deprecated
        public static final String ZOOKEEPER_MAX_RETRY_ATTEMPTS = 
"recovery.zookeeper.client.max-retry-attempts";
     
    +   // ---------------------------- Secure Cookie Authentication 
-----------------------------------
    +
    +   /** Flag that specify whether service authentication is enabled or not 
**/
    +   public static final String SECURITY_ENABLED = "security.enabled";
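
Review bot: The key "security.enabled" on the added SECURITY_ENABLED line is broader than what its Javadoc ("service authentication") and the section header ("Secure Cookie Authentication") describe, so an operator could read it as a master switch for every security feature. Consider a key scoped to service authentication and state the default value in the Javadoc. In the same comment, "Flag that specify" should read "Flag that specifies", and the closing "**/" should be "*/".
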
    --- End diff --
    
    When security is enabled, encryption should also be turned on. It probably 
makes sense to disable encryption for debugging purposes but please make sure 
it is enabled by default. Please see `SECURITY_SSL_ENABLED`.


> Implement Service-Level Authorization
> -------------------------------------
>
>                 Key: FLINK-3930
>                 URL: https://issues.apache.org/jira/browse/FLINK-3930
>             Project: Flink
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Service-level authorization is the initial authorization mechanism to ensure 
> clients (or servers) connecting to the Flink cluster are authorized to do so. 
>   The purpose is to prevent a cluster from being used by an unauthorized 
> user, whether to execute jobs, disrupt cluster functionality, or gain access 
> to secrets stored within the cluster.
> Implement service-level authorization as described in the design doc.
> - Introduce a shared secret cookie
> - Enable Akka security cookie
> - Implement data transfer authentication
> - Secure the web dashboard



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
