raboof commented on code in PR #7920: URL: https://github.com/apache/geode/pull/7920#discussion_r2309586930
########## geode-docs/getting_started/15_minute_quickstart_gfsh.html.md.erb: ########## @@ -514,6 +514,8 @@ To shut down your cluster, do the following: Here are some suggestions on what to explore next with <%=vars.product_name_long%>: -- Continue reading the next section to learn more about the components and concepts that were just introduced. -- To get more practice using `gfsh`, see [Tutorial—Performing Common Tasks with gfsh](../tools_modules/gfsh/tour_of_gfsh.html#concept_0B7DE9DEC1524ED0897C144EE1B83A34). -- To learn about the cluster configuration service, see [Tutorial—Creating and Using a Cluster Configuration](../configuring/cluster_config/persisting_configurations.html#task_bt3_z1v_dl). +- To ensure that your Geode instances are secure, see: [Security](../security/chapter_overview.html). Review Comment: Good idea to add this reference here ########## geode-book/master_middleman/source/subnavs/geode-subnav.erb: ########## @@ -74,6 +74,94 @@ limitations under the License. </li> </ul> </li> + <li class="has_submenu"> Review Comment: This moves the Security section to the top level. I think that's a good idea. Minor request: the indentation (the number of leading spaces) seems a little inconsistent here, that might be good to clean up. ########## geode-docs/security/security_model.html.md.erb: ########## 
@@ -0,0 +1,40 @@ +--- +title: Security Model +--- + +<!-- +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> +Every component of Apache Geode is built with security considerations as a top priority. However, certain security +solutions require user-specific design and implementation. Geode's default configuration combines maximum flexibility +and performance without any input needed from the user. Because of this, certain security measures like +**[authentication][authentication]**, +**[authorization][authorization]** and +**[over-the-wire encryption][ssl_overview]** +are absent from a default Geode installation. +It is highly recommended that users review Geode's security capabilities and implement them as they see fit. See the Review Comment: This should probably be "as you see fit", or perhaps something like "depending on the requirements of your deployment"? ########## geode-docs/security/chapter_overview.html.md.erb: ########## 
@@ -21,27 +21,41 @@ limitations under the License. The security framework permits authentication of connecting components and authorization of operations for all communicating components of the cluster. -- **[Security Implementation Introduction and Overview](implementing_security.html)** +- **[Security Model][securityModelDefinition]** + + This section describes the security model for Apache Geode. It is intended to help users understand how Geode controls access to information and resources so that they can make informed decisions about how to deploy and manage Geode clusters and clients. + +- **[Security Implementation Introduction and Overview][securityImplementationLink]** Encryption, SSL secure communication, authentication, and authorization help to secure the cluster. -- **[Security Detail Considerations](security_audit_overview.html)** +- **[Security Detail Considerations][securityDetailReference]** This section gathers discrete details in one convenient location to better help you assess and configure the security of your environment. -- **[Enable Security with Property Definitions](enable_security.html)** +- **[Enable Security with Property Definitions][enableSecurityDefinition]** -- **[Authentication](authentication_overview.html)** +- **[Authentication][authenticationLink]** A cluster using authentication bars malicious peers or clients, and deters inadvertent access to its cache. -- **[Authorization](authorization_overview.html)** +- **[Authorization][authOverviewLink]** Client operations on a cache server can be restricted or completely blocked based on the roles and permissions assigned to the credentials submitted by the client. -- **[Post Processing of Region Data](post_processing.html)** +- **[Post Processing of Region Data][postProcessingLink]** -- **[SSL](ssl_overview.html)** +- **[SSL][sslDetailsLink]** SSL protects your data in transit between applications. 
+ + +[securityImplementationLink]: implementing_security.html +[securityModelDefinition]: security_model.html +[securityDetailReference]: security_audit_overview.html +[enableSecurityDefinition]: enable_security.html +[authenticationLink]: authentication_overview.html +[authOverviewLink]: ../security/authorization_overview.html +[postProcessingLink]: ../security/post_processing.html +[sslDetailsLink]: ../security/ssl_overview.html Review Comment: (I don't particularly care for moving the links down here instead of having them 'directly' above, but I don't have a strong objection either) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@geode.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
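Review bot: in geode-docs/getting_started/15_minute_quickstart_gfsh.html.md.erb, the added bullet hardcodes "Geode" and puts a colon after "see", while the surrounding lines use <%=vars.product_name_long%> for the product name and write "see [Tutorial..." with no colon. Suggest matching the neighbours: `- To ensure that your <%=vars.product_name_long%> instances are secure, see [Security](../security/chapter_overview.html).`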
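Review bot: in geode-docs/security/security_model.html.md.erb, the opening paragraph leads with "built with security considerations as a top priority" and only later, as a consequence of the performance defaults, says that authentication, authorization and over-the-wire encryption "are absent from a default Geode installation". On a security model page that second statement is the one a reader must not miss, so suggest stating it first and directly, then following it with a direct instruction to the reader in place of "It is highly recommended that users review ...". The reference-style links [authentication], [authorization] and [ssl_overview] also need matching definitions in this file. The visible part of the hunk does not reach them, so it is worth confirming they are present.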
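Review bot: in geode-docs/security/chapter_overview.html.md.erb, the new link definitions mix two path forms for files that sit in the same directory: [authOverviewLink], [postProcessingLink] and [sslDetailsLink] point at `../security/...`, the other five use the bare file name, and the inline links they replace all used the bare name. Suggest the bare form throughout, for example `[sslDetailsLink]: ssl_overview.html`, so the definitions keep resolving if the directory is ever renamed. The label suffixes (Link, Definition, Reference) also vary with no visible meaning, and a single suffix would make the list easier to scan.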