GitHub user leekeiabstraction created a discussion: Securing Client Tiered Storage Access
Hey all,

Following up on [Slack conversation](https://apache-fluss.slack.com/archives/C08C5S56R53/p1767747306168129?thread_ts=1767687340.836989&cid=C08C5S56R53), I've written up a short doc to drive discussion on how we can improve the token vending of Fluss. The primary motivations are:

1. Securing access: clients can be compromised and if they are, attackers will be able to perform all actions they are authorised to. The improvements that can be made here are twofold. First, we can downscope to least-privileged, i.e. read actions on allowed buckets only. Second, we can annotate the specific session so that it is traceable to the client. This allows users to distinguish API calls made by specific clients in their logs and also deny permission to compromised sessions via RBAC.
2. Refactoring: The interfaces and classes for credentials and token vending are overloaded and can be confusing for developers. This is a good opportunity to refactor that.

Would love your thoughts here before I proceed to prototyping.

https://docs.google.com/document/d/1y8EWYwqXiiDyo2A9USFqgyqjBVm56dMz4VJPYVJ8dME/edit?usp=sharing

GitHub link: https://github.com/apache/fluss/discussions/2352
