[
https://issues.apache.org/jira/browse/MESOS-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14495868#comment-14495868
]
Alexander Rojas commented on MESOS-2620:
----------------------------------------
A design for the issue has been proposed at
https://docs.google.com/document/d/1JSJTJMJ6ZXLkCSmvOIabTLrjtqqr0E-u99Rx2BHR1hs/edit
> Implement a mechanism which allows access control of endpoints
> --------------------------------------------------------------
>
> Key: MESOS-2620
> URL: https://issues.apache.org/jira/browse/MESOS-2620
> Project: Mesos
> Issue Type: Improvement
> Affects Versions: 0.21.1
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
>
> h2. Rationale
> As is currently implemented, libprocess processes are able to provide HTTP
> endpoints to serve some client's requests. Any security requirement are left
> to the actual endpoint handler to be implemented. Moreover, some common
> security checks (e.g., requiring the connection to be perform over a secure
> channel or controlling the source of the connection) cannot be performed at
> all since this attributes are not made available to the endpoint's handlers.
> h2. Goal
> Implement a mechanism which allows users of libprocess to install _firewall_
> like rules which can be easily applied to any incoming connection, decoupling
> the endpoint's handler from the security layer.
> Provide at least on rule which allow the selective disabling of endpoints.
> This also requires mesos users to be able to manipule such rules.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
