[ https://issues.apache.org/jira/browse/FLINK-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15636441#comment-15636441 ]
ASF GitHub Bot commented on FLINK-3930:
---------------------------------------

Github user StephanEwen commented on a diff in the pull request:

https://github.com/apache/flink/pull/2425#discussion_r86543731

--- Diff: docs/internals/flink_security.md ---
@@ -28,14 +28,16 @@ This document briefly describes how Flink security works in the context of vario and the connectors that participates in Flink Job execution stage. This documentation can be helpful for both administrators and developers
--- End diff --

This document should probably start with an introduction to the different aspects of security:

  - Authentication (Flink authenticates at other services)
  - Authorization (No one unauthorized accesses the Flink cluster)
  - Encryption (no sniffing of data and credentials)

Authorization alone is probably only meaningful to prevent "accidental mixups", all meaningfully secure setups would need Authorization and Encryption.

> Implement Service-Level Authorization
> -------------------------------------
>
> Key: FLINK-3930
> URL: https://issues.apache.org/jira/browse/FLINK-3930
> Project: Flink
> Issue Type: New Feature
> Components: Security
> Reporter: Eron Wright
> Assignee: Vijay Srinivasaraghavan
> Labels: security
> Original Estimate: 672h
> Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing] design doc._
>
> Service-level authorization is the initial authorization mechanism to ensure clients (or servers) connecting to the Flink cluster are authorized to do so. The purpose is to prevent a cluster from being used by an unauthorized user, whether to execute jobs, disrupt cluster functionality, or gain access to secrets stored within the cluster.
>
> Implement service-level authorization as described in the design doc.
> - Introduce a shared secret cookie
> - Enable Akka security cookie
> - Implement data transfer authentication
> - Secure the web dashboard

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)