[
https://issues.apache.org/jira/browse/MESOS-4772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15168255#comment-15168255
]
Qian Zhang commented on MESOS-4772:
-----------------------------------
Very interesting ticket. A few questions:
1. What is the relationship between user and role? Should a user always belong
to role(s)? Or actually they are orthogonal?
2. Do we need to do user authentication (E.g., based on username/password or
credential) in Mesos? Or it will be actually left to framework to handle in its
own way?
3. Do we plan to integrate Mesos with some user management systems (e.g., LDAP,
Active Directory, etc.) in future?
> TaskInfo/ExecutorInfo should include owner information
> ------------------------------------------------------
>
> Key: MESOS-4772
> URL: https://issues.apache.org/jira/browse/MESOS-4772
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Adam B
> Assignee: Jan Schlicht
> Labels: authorization, mesosphere, ownership, security
>
> We need a way to assign fine-grained ownership to tasks/executors so that
> multi-user frameworks can tell Mesos to associate the task with a user
> identity (rather than just the framework principal+role). Then, when an HTTP
> user requests to view the task's sandbox contents, or kill the task, or list
> all tasks, the authorizer can determine whether to allow/deny/filter the
> request based on finer-grained, user-level ownership.
> Some systems may want TaskInfo.owner to represent a group rather than an
> individual user. That's fine as long as the framework sets the field to the
> group ID in such a way that a group-aware authorizer can interpret it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
