Parth, We can make some 15 mins or so to discuss this at the next KIP hangout.
Thanks, Neha On Wed, Mar 25, 2015 at 1:07 PM, Parth Brahmbhatt < pbrahmbh...@hortonworks.com> wrote: > Hi all, > > I have modified the KIP to reflect the recent change request from the > reviewers. I have been working on the code and I have the server side code > for authorization ready. I am now modifying the command line utilities. I > would really appreciate if some of the committers can spend sometime to > review the KIP so we can make progress on this. > > Thanks > Parth > > On 3/18/15, 2:20 PM, "Michael Herstine" <mherst...@linkedin.com.INVALID> > wrote: > > >Hi Parth, > > > >Thanks! A few questions: > > > >1. Do you want to permit rules in your ACLs that DENY access as well as > >ALLOW? This can be handy setting up rules that have exceptions. E.g. > >“Allow principal P to READ resource R from all hosts” with “Deny principal > >P READ access to resource R from host H1” in combination would allow P to > >READ R from all hosts *except* H1. > > > >2. When a topic is newly created, will there be an ACL created for it? If > >not, would that not deny subsequent access to it? > > > >(nit) Maybe use Principal instead of String to represent principals? > > > > > >On 3/9/15, 11:48 AM, "Don Bosco Durai" <bo...@apache.org> wrote: > > > >>Parth > >> > >>Overall it is looking good. Couple of questionsŠ > >> > >>- Can you give an example how the policies will look like in the default > >>implementation? > >>- In the operations, can we support ³CONNECT² also? This can be used > >>during Session connection > >>- Regarding access control for ³Topic Creation², since we can¹t do it on > >>the server side, can we de-scope it for? And plan it as a future feature > >>request? > >> > >>Thanks > >> > >>Bosco > >> > >> > >> > >>On 3/6/15, 8:10 AM, "Harsha" <ka...@harsha.io> wrote: > >> > >>>Hi Parth, > >>> Thanks for putting this together. Overall it looks good to > >>> me. Although AdminUtils is a concern KIP-4 can probably fix > >>> that part. > >>>Thanks, > >>>Harsha > >>> > >>>On Thu, Mar 5, 2015, at 10:39 AM, Parth Brahmbhatt wrote: > >>>> Forgot to add links to wiki and jira. > >>>> > >>>> Link to wiki: > >>>> > >>>> > https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorizatio > >>>>n > >>>>+ > >>>>Interface > >>>> Link to Jira: https://issues.apache.org/jira/browse/KAFKA-1688 > >>>> > >>>> Thanks > >>>> Parth > >>>> > >>>> From: Parth Brahmbhatt > >>>> <pbrahmbh...@hortonworks.com<mailto:pbrahmbh...@hortonworks.com>> > >>>> Date: Thursday, March 5, 2015 at 10:33 AM > >>>> To: "dev@kafka.apache.org<mailto:dev@kafka.apache.org>" > >>>> <dev@kafka.apache.org<mailto:dev@kafka.apache.org>> > >>>> Subject: [DISCUSS] KIP-11- Authorization design for kafka security > >>>> > >>>> Hi, > >>>> > >>>> KIP-11 is open for discussion , I have updated the wiki with the > >>>>design > >>>> and open questions. > >>>> > >>>> Thanks > >>>> Parth > >> > >> > > > > -- Thanks, Neha
