Hi Jun & Richard, Jun, thanks for your feedback and vote.
100. Thanks, I'll correct that. 101. (@Richard) in this case the principal names will be something like "CN=writeuser,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown" unless principal mapping or builder is defined (refer to [1]). I think Jun was referring to this case which is correct, semicolon seems to be a better fit in this case. Viktor https://docs.confluent.io/current/kafka/authorization.html On Thu, Jan 16, 2020 at 11:45 PM Richard Yu <yohan.richard...@gmail.com> wrote: > Hi Jun, > > Can the SSL username really include the comma? > > From what I could tell, when I searched it up, I couldn't find anything > that indicated comma can be a delimiter. > A related doc below: > https://knowledge.digicert.com/solution/SO12401.html > > Cheers, > Richard > > > > > On Thu, Jan 16, 2020 at 1:37 PM Jun Rao <j...@confluent.io> wrote: > > > Hi, Viktor, > > > > Thanks for the KIP. +1 from me. Just a couple of minor comments below. > > > > 100. CreateDelegationTokenResponse/DescribeDelegationTokenResponse. It > > seems that "validVersions" should be "0-2". > > > > 101. The option --users "owner1,owner2" in AclCommand. Since SSL user > name > > can include comma, perhaps we could use semicolon as the separator. > > > > Jun > > > > On Wed, Jan 15, 2020 at 2:11 AM Viktor Somogyi-Vass < > > viktorsomo...@gmail.com> > > wrote: > > > > > Hey folks, bumping this again as KIP freeze is nearing and I hope to > get > > > this into the next release. > > > We need only one binding vote. > > > > > > Thanks, > > > Viktor > > > > > > On Thu, Jan 9, 2020 at 1:56 PM Viktor Somogyi-Vass < > > > viktorsomo...@gmail.com> > > > wrote: > > > > > > > Bumping this in the hope of a vote or additional feedback. > > > > > > > > Viktor > > > > > > > > On Tue, Dec 3, 2019 at 1:07 PM Viktor Somogyi-Vass < > > > > viktorsomo...@gmail.com> wrote: > > > > > > > >> Hi Folks, > > > >> > > > >> I'd like to bump this once more in the hope of a binding vote or any > > > >> additional feedback. > > > >> > > > >> Thanks, > > > >> Viktor > > > >> > > > >> On Fri, Oct 25, 2019 at 2:24 PM Viktor Somogyi-Vass < > > > >> viktorsomo...@gmail.com> wrote: > > > >> > > > >>> Hi All, > > > >>> > > > >>> Would like to bump this in the hope of one binding vote (or any > > > >>> additional feedback). > > > >>> > > > >>> Thanks, > > > >>> Viktor > > > >>> > > > >>> On Wed, Sep 18, 2019 at 5:25 PM Viktor Somogyi-Vass < > > > >>> viktorsomo...@gmail.com> wrote: > > > >>> > > > >>>> Hi All, > > > >>>> > > > >>>> Harsha, Ryanne: thanks for the vote! > > > >>>> > > > >>>> I'd like to bump this again as today is the KIP freeze date and > > there > > > >>>> is still one binding vote needed which I'm hoping to get in order > to > > > have > > > >>>> this included in 2.4. > > > >>>> > > > >>>> Thanks, > > > >>>> Viktor > > > >>>> > > > >>>> On Tue, Sep 17, 2019 at 1:18 AM Ryanne Dolan < > ryannedo...@gmail.com > > > > > > >>>> wrote: > > > >>>> > > > >>>>> +1 non-binding > > > >>>>> > > > >>>>> Ryanne > > > >>>>> > > > >>>>> On Mon, Sep 16, 2019, 5:11 PM Harsha Ch <harsha...@gmail.com> > > wrote: > > > >>>>> > > > >>>>> > +1 (binding). Thanks for the KIP Viktor > > > >>>>> > > > > >>>>> > Thanks, > > > >>>>> > > > > >>>>> > Harsha > > > >>>>> > > > > >>>>> > On Mon, Sep 16, 2019 at 3:02 AM, Viktor Somogyi-Vass < > > > >>>>> > viktorsomo...@gmail.com > wrote: > > > >>>>> > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > Hi All, > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > I'd like to bump this again in order to get some more binding > > > votes > > > >>>>> > and/or > > > >>>>> > > feedback in the hope we can push this in for 2.4. > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > Thank you Manikumar, Gabor and Ryanne so far for the votes! > > (the > > > >>>>> last two > > > >>>>> > > were on the discussion thread after starting the vote but I > > think > > > >>>>> it > > > >>>>> > still > > > >>>>> > > counts :) ) > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > Thanks, > > > >>>>> > > Viktor > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > On Wed, Aug 21, 2019 at 1:44 PM Manikumar < manikumar. reddy@ > > > >>>>> gmail. > > > >>>>> > com ( > > > >>>>> > > manikumar.re...@gmail.com ) > wrote: > > > >>>>> > > > > > >>>>> > > > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> Hi, > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> +1 (binding). > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> Thanks for the updated KIP. LGTM. > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> Thanks, > > > >>>>> > >> Manikumar > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> On Tue, Aug 6, 2019 at 3:14 PM Viktor Somogyi-Vass < > > > >>>>> viktorsomogyi@ > > > >>>>> > gmail. > > > >>>>> > >> com ( viktorsomo...@gmail.com ) > > > > >>>>> > >> wrote: > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> Hi All, > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> Bumping this, I'd be happy to get some additional feedback > > > and/or > > > >>>>> > votes. > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> Thanks, > > > >>>>> > >>> Viktor > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> On Wed, Jul 31, 2019 at 11:04 AM Viktor Somogyi-Vass < > > > >>>>> viktorsomogyi@ > > > >>>>> > gmail. > > > >>>>> > >>> com ( viktorsomo...@gmail.com ) > wrote: > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> Hi All, > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> I'd like to start a vote on this KIP. > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >> https:/ / cwiki. apache. org/ confluence/ display/ KAFKA/ > > > >>>>> > > > KIP-373%3A+Allow+users+to+create+delegation+tokens+for+other+users > > > >>>>> > >> ( > > > >>>>> > >> > > > >>>>> > > > > >>>>> > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-373%3A+Allow+users+to+create+delegation+tokens+for+other+users > > > >>>>> > >> ) > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > >>> > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> To summarize it: the proposed feature would allow users > > > (usually > > > >>>>> > >>>> superusers) to create delegation tokens for other users. > > This > > > is > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>> especially > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> helpful in Spark where the delegation token created this > way > > > >>>>> can be > > > >>>>> > >>>> distributed to workers. > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> I'd be happy to receive any votes or additional feedback. > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>>> Viktor > > > >>>>> > >>>> > > > >>>>> > >>>> > > > >>>>> > >>> > > > >>>>> > >>> > > > >>>>> > >> > > > >>>>> > >> > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > > > >>>>> > > > >>>> > > > > > >
