[jira] [Commented] (KAFKA-1477) add authentication layer and initial JKS x509 implementation for brokers, producers and consumer for network communication

Sun, 27 Jul 2014 11:44:32 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-1477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14075679#comment-14075679
 ] 

Jun Rao commented on KAFKA-1477:
--------------------------------

Joe,

I'd rather that we don't rush to get this patch in. This is because (1) We have 
accumulated a lot of changes for the next release (0.8.2) in trunk, including 
Kafka-based offset management and the new clients. It's going to be difficult 
to absorb big patches like this in the same release. (2) I felt that we haven't 
had enough discussion on the implementation. I took at look at the changes that 
you made in https://cwiki.apache.org/confluence/display/KAFKA/Security. What's 
in there are mostly feature requirements. I was expecting to see a design doc 
of the implementation. I am no security expert, but I have questions like (a) 
should we use two separate server ports so that we can support both secure and 
non-secure clients in the same cluster (b) is a local secure file the right way 
to store security credentials? If we have a more concrete design doc, perhaps 
more people with security experience can chime in and help us make the right 
design choice.

We can also discuss whether the security feature should only be done on the new 
clients or not. At this moment, we are trying to put the old clients mostly in 
maintenance mode and will only try to fix blocker issues. The more we need to 
patch on the old clients, the more the maintenance work. Also, the new consumer 
will remove the ZK dependence. That potentially will make adding the security 
feature a bit easier on the consumer.

So, I recommend that we start working on a more concrete design doc first and 
then solicit some feedback. We can probably target this feature in 0.9.

> add authentication layer and initial JKS x509 implementation for brokers, 
> producers and consumer for network communication
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-1477
>                 URL: https://issues.apache.org/jira/browse/KAFKA-1477
>             Project: Kafka
>          Issue Type: New Feature
>            Reporter: Joe Stein
>            Assignee: Ivan Lyutov
>             Fix For: 0.8.2
>
>         Attachments: KAFKA-1477-binary.patch, KAFKA-1477.patch, 
> KAFKA-1477_2014-06-02_16:59:40.patch, KAFKA-1477_2014-06-02_17:24:26.patch, 
> KAFKA-1477_2014-06-03_13:46:17.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to