Thanks to all who reviewed the document. It appears we have a good plan and I'm filing JIRA issues accordingly.
Robert, I'm in touch with Max, Stephan, and Stefano. I’ll update the thread when we have a better sense of the timing. The work will clearly span a couple of releases. Eron > On May 17, 2016, at 8:35 AM, Robert Metzger <rmetz...@apache.org> wrote: > > Hi Eron, > > thanks a lot for putting so much effort into the design document. You've > probably spend a lot of time to come up with it! > I have to admit that I'm not that familiar with the topic, so I probably > need to re-read it again to digest it completely. > > What are your plans for implementing the proposed changes? (time-wise and > people-wise?) I'm asking to get an idea of when we can expect the changes > in the master, in releases, ... > > I think Stefano Baghino also had some discussions about improving Flink's > security on the mailing list recently. Maybe you guys can sync your efforts > and collaborate on this. > > Regards, > Robert > > > On Fri, May 13, 2016 at 12:47 PM, Maximilian Michels <m...@apache.org> wrote: > >> Hi Eron, >> >> Thank you for this comprehensive design document. Really great read. >> I've left some minor comments. >> >> +1 for breaking down the tasks into many JIRA issues; we have quite >> some ambitious plans now :) It would be great to get some more people >> from the community involved as well. >> >> Best, >> Max >> >> On Wed, May 11, 2016 at 9:09 AM, Wright, Eron <ewri...@live.com> wrote: >>> Hello! >>> >>> There’s been a few discussions lately on how to improve the Kerberos >> support in Flink. I’ve drafted a design document that lays out a plan to >> support keytab-based authentication for HDFS, Kafka, and ZooKeeper. In >> addition, the plan contemplates secure, TLS-based communication between >> cluster components. >>> >>> The main goals are secure data access for Kerberized connectors and >> cluster authentication to prevent unauthorized access to cluster secrets. >>> >>> Here is the document: >>> >> https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing >>> >>> I anticipate filing a multitude of JIRAs following a design discussion. >> It is a big task and there will be opportunities for others in the >> community to help. >>> >>> Thanks, >>> Eron Wright >>> EMC >>
