Thanks for drafting the service authorization FLIP, Eron. It is a very
important feature which Flink is still lacking and hinders some people from
deploying Flink in their cluster environments.

The overall design looks really good to me. I would suggest making a FLIP
out of it by adding it to the Flink wiki [1].

The next step would be to refine the implementation plan a little bit. In
general one could split the FLIP into external and internal authentication.
The latter is less of a moving target right now, since Flink does not
support communication via the Yarn proxy yet (which it should eventually
do). But I think it would also be ok to say that we first concentrate on
a subset of all deployment options (e.g. Kubernetes and Standalone). Once the
implementation plan is a bit clearer, we should create the corresponding
JIRAs and start with the implementation work.

[1]
https://cwiki.apache.org/confluence/display/FLINK/Flink+Improvement+Proposals

Cheers,
Till

On Tue, Dec 19, 2017 at 7:16 PM, Eron Wright <eronwri...@gmail.com> wrote:

> Folks, what is the next step to formally submit a FLIP? i.e. assign a
> number, drive to 'accepted' state?
>
> Given the introduction of new RPC and REST endpoints with FLIP-6, now is a
> good time to agree on the approach to securing Flink.
>
> Thanks!
> Eron
>
> On Mon, Nov 27, 2017 at 11:52 AM, Eron Wright <eronwri...@gmail.com>
> wrote:
>
> > I'd like to make some progress on hardening Flink using SSL client
> > authentication. Here's the FLIP proposal:
> > https://docs.google.com/document/d/13IRPb2GdL842rIzMgEn0ibOQHNku6W8aMf1p7gCPJjg/edit?usp=sharing
> >
> > 1. What is the next step to have this FLIP be accepted?
> > 2. Does anyone have any objections to the technical plan?
> >
> > Thanks!
> > Eron Wright
> > Dell EMC
> >
> >
> >
>