[
https://issues.apache.org/jira/browse/MESOS-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adam B updated MESOS-2620:
--------------------------
Description:
h2. Rationale
As is currently implemented, libprocess processes are able to provide HTTP
endpoints to serve some client's requests. Any security requirement are left to
the actual endpoint handler to be implemented. Moreover, some common security
checks (e.g., requiring the connection to be perform over a secure channel or
controlling the source of the connection) cannot be performed at all since this
attributes are not made available to the endpoint's handlers.
h2. Goal
Implement a mechanism which allows users of libprocess to install _firewall_
like rules which can be easily applied to any incoming connection, decoupling
the endpoint's handler from the security layer.
Provide at least one rule which allows the selective disabling of endpoints.
This also requires mesos users to be able to manipulate such rules.
was:
h2. Rationale
As is currently implemented, libprocess processes are able to provide HTTP
endpoints to serve some client's requests. Any security requirement are left to
the actual endpoint handler to be implemented. Moreover, some common security
checks (e.g., requiring the connection to be perform over a secure channel or
controlling the source of the connection) cannot be performed at all since this
attributes are not made available to the endpoint's handlers.
h2. Goal
Implement a mechanism which allows users of libprocess to install _firewall_
like rules which can be easily applied to any incoming connection, decoupling
the endpoint's handler from the security layer.
Provide at least on rule which allow the selective disabling of endpoints. This
also requires mesos users to be able to manipule such rules.
> Implement a mechanism which allows access control of endpoints
> --------------------------------------------------------------
>
> Key: MESOS-2620
> URL: https://issues.apache.org/jira/browse/MESOS-2620
> Project: Mesos
> Issue Type: Improvement
> Components: libprocess, master, slave
> Affects Versions: 0.21.1
> Reporter: Alexander Rojas
> Assignee: Alexander Rojas
> Labels: mesosphere, security
>
> h2. Rationale
> As is currently implemented, libprocess processes are able to provide HTTP
> endpoints to serve some client's requests. Any security requirement are left
> to the actual endpoint handler to be implemented. Moreover, some common
> security checks (e.g., requiring the connection to be perform over a secure
> channel or controlling the source of the connection) cannot be performed at
> all since this attributes are not made available to the endpoint's handlers.
> h2. Goal
> Implement a mechanism which allows users of libprocess to install _firewall_
> like rules which can be easily applied to any incoming connection, decoupling
> the endpoint's handler from the security layer.
> Provide at least one rule which allows the selective disabling of endpoints.
> This also requires mesos users to be able to manipulate such rules.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
