[ https://issues.apache.org/jira/browse/MESOS-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14504868#comment-14504868 ]
Alexander Rojas commented on MESOS-2620: ---------------------------------------- https://reviews.apache.org/r/33295/ https://reviews.apache.org/r/33296/ > Implement a mechanism which allows access control of endpoints > -------------------------------------------------------------- > > Key: MESOS-2620 > URL: https://issues.apache.org/jira/browse/MESOS-2620 > Project: Mesos > Issue Type: Improvement > Components: libprocess, master, slave > Affects Versions: 0.21.1 > Reporter: Alexander Rojas > Assignee: Alexander Rojas > Labels: mesosphere, security > > h2. Rationale > As is currently implemented, libprocess processes are able to provide HTTP > endpoints to serve some client's requests. Any security requirement are left > to the actual endpoint handler to be implemented. Moreover, some common > security checks (e.g., requiring the connection to be perform over a secure > channel or controlling the source of the connection) cannot be performed at > all since this attributes are not made available to the endpoint's handlers. > h2. Goal > Implement a mechanism which allows users of libprocess to install _firewall_ > like rules which can be easily applied to any incoming connection, decoupling > the endpoint's handler from the security layer. > Provide at least one rule which allows the selective disabling of endpoints. > This also requires mesos users to be able to manipulate such rules. -- This message was sent by Atlassian JIRA (v6.3.4#6332)