We have made changes to kafka code to support certificate based mutual SSL authentication. So the clients and broker will exchange trusted certificates for successful communication. This provides both authentication and ssl encryption. Planning to contribute that code back to kafka soon.
Thanks, Raja. On Thu, Aug 29, 2013 at 11:16 PM, Joe Stein <crypt...@gmail.com> wrote: > One use case I have been discussing recently with a few clients is > verifying the digital signature of a message as part of the acceptance > criteria of it being committed to the log and/or when it is consumed. > > I would be very interested in discussing different scenarios such as Kafka > as a service, privacy at rest as well as authorization and authentication > (if required). > > Hit me up > > /******************************************* > Joe Stein > Founder, Principal Consultant > Big Data Open Source Security LLC > http://www.stealth.ly > Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop> > ********************************************/ > > > On Thu, Aug 29, 2013 at 8:13 PM, Jay Kreps <jay.kr...@gmail.com> wrote: > > > +1 > > > > We don't have any application-level security at this time so the answer > is > > whatever you can do at the network/system level. > > > > -Jay > > > > > > On Thu, Aug 29, 2013 at 10:09 AM, Benjamin Black <b...@b3k.us> wrote: > > > > > IP filters on the hosts. > > > On Aug 29, 2013 10:03 AM, "Calvin Lei" <ckp...@gmail.com> wrote: > > > > > > > Is there a way to stop a malicious user to connect directly to a > kafka > > > > broker and send any messages? Could we have the brokers to accept a > > > message > > > > to a list of know IPs? > > > > > > > > > > -- Thanks, Raja.
