Darren You will want this thread on dev list to get traction.
Also please clarify if you mean authorization or whether you mean authentication. I read all usages as meaning to discuss authentication. thanks On Wed, Nov 4, 2020 at 9:53 AM Darren Govoni <dar...@ontrenet.com> wrote: > Greetings! > > We have an internal need to move to a specific PK based authorization for > all our nifi processors. Currently, authorizations such as basic auth and > kerberos seem to be wired directly inside the processors. My design > approach to addressing our need also seeks to factor authorization out of > processors where specific authorization handlers can be composed and > config/run time and lighten the responsibilities inside processor classes. > > Towards this end, my initial design goals for this framework are thus: > > 1) Allow various kinds of authorization handlers to be written and added > to processors without necessarily recoding the processor. > 2) Allow for a pipeline effect where one or more authorizers might need to > operate at the same time. > 3) Do not disrupt existing processors that rely on their internal coding > for authorization > 4) Use appropriate design patterns to allow for flexible implementations > of principals, credentials and other authorization assets. > 5) Secure any clear text assets (usernames and passwords) in existing > authorizations when moving them inside the framework. > > How does the community conduct initial design reviews of such changes? We > would be quite a ways from contributing anything back but want to keep in > sync with community practices and expectations to make such an offering > immediately useful. > > Regards, > Darren > >
