Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/11750 )
Change subject: KUDU-2542: add initial authorization token impl ...................................................................... Patch Set 3: (1 comment) http://gerrit.cloudera.org:8080/#/c/11750/3//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/11750/3//COMMIT_MSG@19 PS3, Line 19: : The tokens leverage the same token signer as the authentication tokens, : though with the token validity interval configured via the new flag : --authz_token_validity_seconds. > I'm curious why you chose to use a new gflag rather than generalizing the e They serve to answer fundamentally different questions: how frequently will I refresh my trust that you are who you say you are, and how frequently will I refresh my trust that you are allowed to perform actions XYZ? The way we expect to refresh the trust for each of these questions is different (e.g. via KDC or via Ranger/Sentry), so it doesn't seem unreasonable to vary the intervals as well. -- To view, visit http://gerrit.cloudera.org:8080/11750 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Id28747ec38675abdf50dce1e7c176d29213e370f Gerrit-Change-Number: 11750 Gerrit-PatchSet: 3 Gerrit-Owner: Andrew Wong <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Sat, 27 Oct 2018 03:45:05 +0000 Gerrit-HasComments: Yes
