Todd Lipcon has posted comments on this change.

Change subject: [security] tailored TokenSigner for system catalog
......................................................................

Patch Set 7:

> Good observation. As I understand, AuthnTokenManager was modeled to run
> along with MasterCertAuthority. Besides aggregating TokenSigner, it has just
> one additional perk of combining the code which outputs signed Token. We can
> safely move that code into the TokenSigner itself. I'm not aware of future
> plans to add some extra functionality into the AuthTokenManager.

The reason to have it separate is that we'll sooner or later have Authz tokens as well, which can reuse the same TokenSigner code, but will probably have significantly different logic for what material goes into the token. I'm not sure whether we'd want to have different TSKs for authz vs authn -- it's probable that the tokens would have a shorter lifetime, but not sure if the TSKs should have different rotation periods, etc.

Anyway, separating them also makes the code more reusable and testable IMO.

--
To view, visit http://gerrit.cloudera.org:8080/5930
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ie2417e2ccba6a1114db366b2f642f95362bf479c
Gerrit-PatchSet: 7
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: No
