[
https://issues.apache.org/jira/browse/MESOS-4772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15234599#comment-15234599
]
Adam B commented on MESOS-4772:
-------------------------------
After even more discussion, the most flexible solution seems to be to pass the
entire TaskInfo into the authorizer module interface, and then different
authorizer module implementations can perform (ABAC-style) authorizations based
on whatever attribute of the task is most meaningful to them, which could be
role, label, resource type, or user.
The remaining question is how do the multi-user frameworks know what
kind/format of metadata to attach to its tasks in order for the Mesos
authorizer to authorize using that information? Perhaps we'll start
experimenting with labels, then see what makes the most sense to first-class.
> TaskInfo/ExecutorInfo should include fine-grained ownership/namespacing
> -----------------------------------------------------------------------
>
> Key: MESOS-4772
> URL: https://issues.apache.org/jira/browse/MESOS-4772
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Reporter: Adam B
> Assignee: Jan Schlicht
> Labels: authorization, mesosphere, ownership, security
>
> We need a way to assign fine-grained ownership to tasks/executors so that
> multi-user frameworks can tell Mesos to associate the task with a user
> identity (rather than just the framework principal+role). Then, when an HTTP
> user requests to view the task's sandbox contents, or kill the task, or list
> all tasks, the authorizer can determine whether to allow/deny/filter the
> request based on finer-grained, user-level ownership.
> Some systems may want TaskInfo.owner to represent a group rather than an
> individual user. That's fine as long as the framework sets the field to the
> group ID in such a way that a group-aware authorizer can interpret it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
