[ https://issues.apache.org/jira/browse/FLINK-3930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15924834#comment-15924834 ]

ASF GitHub Bot commented on FLINK-3930:
---------------------------------------

Github user EronWright commented on the issue:

    https://github.com/apache/flink/pull/2425
  
    @StephanEwen keep in mind that Flink's current SSL support doesn't
achieve _mutual authentication_ - there's no client certificate there. With
SSL enabled, an untrusted client can launch jobs in your Flink cluster and thus
gain access to the Kerberos credential associated with the cluster.
    
    SSL mutual authentication is a good alternative to a shared secret, but at
the time we were limited to built-in Akka functionality (which doesn't include
mutual auth). Given the "flakka" fork that's now in place, a pure SSL
solution might now be possible (I haven't thought it through completely).
    
    The fact remains that, today, _all the secrets known to a Flink job are 
exposed to everyone who can connect to the cluster's endpoint_.  
    
    It would be nice to construct a holistic plan that worked out how the Web
UI would support authentication and also incorporated FLIP-6. Both YARN
and Mesos interpose a web proxy for the UI with its own limitations, notably no
support for SSL mutual auth.



> Implement Service-Level Authorization
> -------------------------------------
>
>                 Key: FLINK-3930
>                 URL: https://issues.apache.org/jira/browse/FLINK-3930
>             Project: Flink
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Eron Wright 
>            Assignee: Vijay Srinivasaraghavan
>              Labels: security
>   Original Estimate: 672h
>  Remaining Estimate: 672h
>
> _This issue is part of a series of improvements detailed in the [Secure Data 
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
>  design doc._
> Service-level authorization is the initial authorization mechanism to ensure 
> clients (or servers) connecting to the Flink cluster are authorized to do so. 
>   The purpose is to prevent a cluster from being used by an unauthorized 
> user, whether to execute jobs, disrupt cluster functionality, or gain access 
> to secrets stored within the cluster.
> Implement service-level authorization as described in the design doc.
> - Introduce a shared secret cookie
> - Enable Akka security cookie
> - Implement data transfer authentication
> - Secure the web dashboard



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
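
The gap described in the comment above (TLS enabled, but no client certificate required) can be checked at the JSSE level. This is an added example, not code from Flink, Akka or the pull request; the class and method names are hypothetical, and the JVM default `SSLContext` stands in for a configured keystore and truststore.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added illustration (hypothetical names; not Flink or Akka code).
public class ClientAuthCheck {

    enum ClientAuth { NONE, OPTIONAL, REQUIRED }

    // Classify what a server-side engine demands from the connecting peer.
    static ClientAuth mode(SSLEngine engine) {
        if (engine.getNeedClientAuth()) return ClientAuth.REQUIRED; // no valid client cert, no handshake
        if (engine.getWantClientAuth()) return ClientAuth.OPTIONAL; // cert requested, anonymous peers still connect
        return ClientAuth.NONE;                                     // one-way TLS: only the server is authenticated
    }

    // Startup guard: refuse to serve unless mutual authentication is enforced.
    static void requireMutualAuth(SSLEngine engine) {
        ClientAuth m = mode(engine);
        if (engine.getUseClientMode() || m != ClientAuth.REQUIRED) {
            throw new IllegalStateException("TLS endpoint does not require client certificates: " + m);
        }
    }

    static SSLEngine serverEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the default context replaces a real keystore/truststore setup.
        SSLContext ctx = SSLContext.getDefault();

        SSLEngine oneWay = serverEngine(ctx);   // encryption and server identity only
        SSLEngine mutual = serverEngine(ctx);
        mutual.setNeedClientAuth(true);

        SSLEngine downgraded = serverEngine(ctx);
        downgraded.setNeedClientAuth(true);
        downgraded.setWantClientAuth(true);     // JSSE: this call overrides the earlier "need" setting

        System.out.println("one-way:    " + mode(oneWay));
        System.out.println("mutual:     " + mode(mutual));
        System.out.println("downgraded: " + mode(downgraded));

        requireMutualAuth(mutual);              // mutual auth enforced, no exception
        try {
            requireMutualAuth(oneWay);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Requiring a client certificate only authenticates the peer against the server's truststore; which certificates that truststore accepts still decides who can connect.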
