[jira] [Commented] (ACCUMULO-1681) Adjust Authorizor Interface to validate auths instead of retrieving a list

Wed, 11 Sep 2013 10:23:53 -0700 

    [ 
https://issues.apache.org/jira/browse/ACCUMULO-1681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13764523#comment-13764523
 ] 

John Vines commented on ACCUMULO-1681:
--------------------------------------

{quote}
What I'd really like is for us to come up with a comprehensive solution that 
implements all these improvements and push for it to be a major feature of an 
upcoming release (1.7? maybe call it 2.0?). Without that comprehensive 
solution, I'm reluctant to get on board for this in 1.6.
{quote}

The problem is we really won't be able to come up with a comprehensive solution 
working in a bubble. We need to iteratively work on this, not push it down the 
road and say it will be super duper good by then. 
                
> Adjust Authorizor Interface to validate auths instead of retrieving a list
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-1681
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1681
>             Project: Accumulo
>          Issue Type: Bug
>          Components: tserver
>            Reporter: John Vines
>            Assignee: John Vines
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1681.patch, ACCUMULO-1681.v2.patch
>
>
> Currently the Authorizor interface is used to request a set of authorizations 
> which then get checked against the authorizations a user is attempting to 
> use. However, some security systems only support the ability to validate 
> authorizations/permissions/roles and not provide a list. That makes these 
> systems (entirely) incompatible with Accumulo when they don't have to be.
> We should switch the behavior of Accumulo to ask the Authorizor (via 
> SecurityOperations) if the auths are valid. The existing getAuths 
> functionality will still use that call and would have potentially limited 
> support, similar to the potentially limited support of any of the set 
> operations.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to