Greetings! We have an internal need to move to a specific PK based authorization for all our nifi processors. Currently, authorizations such as basic auth and kerberos seem to be wired directly inside the processors. My design approach to addressing our need also seeks to factor authorization out of processors where specific authorization handlers can be composed and config/run time and lighten the responsibilities inside processor classes.
Towards this end, my initial design goals for this framework are thus: 1) Allow various kinds of authorization handlers to be written and added to processors without necessarily recoding the processor. 2) Allow for a pipeline effect where one or more authorizers might need to operate at the same time. 3) Do not disrupt existing processors that rely on their internal coding for authorization 4) Use appropriate design patterns to allow for flexible implementations of principals, credentials and other authorization assets. 5) Secure any clear text assets (usernames and passwords) in existing authorizations when moving them inside the framework. How does the community conduct initial design reviews of such changes? We would be quite a ways from contributing anything back but want to keep in sync with community practices and expectations to make such an offering immediately useful. Regards, Darren